I took this table snippet from Sec+ 601 course.
For SSTP, it says the encryption is SSL 3.0 and that it is weak.
Does SSTP not use TLS, which is strong?
Thank you!
-
Security+ 601: SSTP Protocol
-
@shahla-pirnia said in Security+ 601: SSTP Protocol:
For SSTP, it says the encryption is SSL 3.0 and that it is weak.
Does SSTP not use TLS, which is strong?
Thank you!
So, SSTP as a
tunneling protocolrelies on SSL 3.0. At the point of the table you've shown, SSTP may not have yet be standardized and interoperability was challenging. But Microsoft, the creator of SSTP was only considering SSTP as only a tunneling protocol not yet what we think of today as a standardized SSL VPN.Cordially,
Ronnie Wong
Edutainer, ITProTV*if the post above has answered the question, please mark the topic as solved.
**All "answers" and responses are offered "as is" and my opinion. There is no implied support or guarantee by the ITProTV team.
