Question about TLS session information in logs
Posted: Tue Jul 24, 2018 8:16 pm
Hi,
We've had a security/compliance auditor request that we prove that we've completely disabled TLS 1.0 and 1.1 for client VPN connections. I believe we've done so, as we've gone through all the available configuration options and connections indicate that TLS 1.2 is being used for the session (and a TLS 1.2-only cipher suite is in use); however, the log outputs the following info:
"Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384"
The auditor was asking, and I could not provide a good answer for, why what seems to be a TLS 1.2 session had log information that reflected TLS1/SSL3.
My assumption is that this was merely an old construct of how the logs were generated and does not reflect that the session is somehow a TLSv1 or SSLv3 session, especially given that cipher suite.
Does anyone know for sure?
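An added example, not part of the thread: a small Python audit over log lines in the quoted format that evaluates only the negotiated protocol (the first field) and ignores the cipher's version label, which OpenSSL 1.0.x emits as the fixed string "TLSv1/SSLv3" for every SSLv3-family suite. The log lines below are constructed; client names and addresses are made up.

```python
import re

# Constructed sample lines in the format quoted in the post (the first mirrors
# the quoted entry; client names and addresses are made up).
SAMPLE_LOG = """\
client1/198.51.100.7:51234 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384
client2/198.51.100.9:40001 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA
client3/198.51.100.12:40311 Control Channel: TLSv1.1, cipher TLSv1/SSLv3 ECDHE-RSA-AES128-SHA
client4/198.51.100.15:40500 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
"""

# First field: the protocol actually negotiated for the session (SSL_get_version).
# Second field: the suite's own version label (SSL_CIPHER_get_version). OpenSSL 1.0.x
# returns the fixed string "TLSv1/SSLv3" for every SSLv3-family suite id; OpenSSL
# 1.1.0 and later return the suite's minimum protocol version instead.
LINE_RE = re.compile(
    r"Control Channel: (?P<proto>SSLv3|TLSv1(?:\.\d)?), "
    r"cipher (?P<label>\S+) (?P<suite>\S+)"
)

PROTO_RANK = {"SSLv3": 0, "TLSv1": 1, "TLSv1.1": 2, "TLSv1.2": 3, "TLSv1.3": 4}


def parse_control_channel(line):
    """Return {'proto', 'label', 'suite'} for a control-channel line, else None."""
    m = LINE_RE.search(line)
    return m.groupdict() if m else None


def is_tls12_only_suite(suite):
    """True for suites that cannot be negotiated below TLS 1.2: AEAD suites and
    suites with a SHA-256/SHA-384 MAC (RFC 5288, RFC 5289, RFC 7905)."""
    return any(tok in suite for tok in ("GCM", "CCM", "CHACHA20", "SHA256", "SHA384"))


def audit(log_text, minimum="TLSv1.2"):
    """Return parsed entries whose negotiated protocol is below `minimum`.
    The cipher label is deliberately ignored; only the negotiated version counts."""
    floor = PROTO_RANK[minimum]
    findings = []
    for line in log_text.splitlines():
        entry = parse_control_channel(line)
        if entry and PROTO_RANK.get(entry["proto"], -1) < floor:
            findings.append(entry)
    return findings


if __name__ == "__main__":
    for entry in audit(SAMPLE_LOG):
        print("below minimum:", entry["proto"], entry["suite"])
```

An empty result from `audit()` over a full log period, together with `is_tls12_only_suite()` being true for every observed suite, is evidence that can be handed to an auditor without relying on the legacy label.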