TLS 1.0 in SSL VPN. Is it high time to write it off?

Ivanleonel
Level 1

Hi!

What do you think about using TLS 1.0 in SSL VPN on Cisco ASA?
Notably, I'm using DTLS 1.0 with the RSA_AES_128_SHA1 cipher and SHA2 certificates.

I have a bunch of old ASA 5505s which don't support TLS 1.1/1.2, so I wonder:
1) How bad is it to use TLS 1.0 in SSL VPN nowadays? As far as I understand, BEAST is not simple to implement, is it?
2) Is there only one major security risk with TLS 1.0 (BEAST)?

Thanks!

1 Reply

rvarelac
Level 7

Hi Ivan, 

From the security perspective, it is highly recommended to have the network devices using the most secure protocols available. As you mention, unfortunately the ASA5505 does not support TLS1.2 due to the hardware limitation.

Implementing a BEAST attack is extremely complex and has a low chance of success; however, there is always the possibility that someone can exploit this vulnerability.

I found the following forum interesting; I hope it clears your doubts about BEAST and TLSv1.0 vulnerabilities.

https://community.qualys.com/blogs/securitylabs/2013/09/10/is-beast-still-a-threat

Hope it helps.

-Randy-
