I took this table snippet from Sec+ 601 course.
For SSTP, it says the encryption is SSL 3.0 and that it is weak.
Does SSTP not use TLS, which is strong?
Thank you!
-
Security+ 601: SSTP Protocol
-
@shahla-pirnia said in Security+ 601: SSTP Protocol:
For SSTP, it says the encryption is SSL 3.0 and that it is weak.
Does SSTP not use TLS, which is strong?
Thank you!
So, SSTP as a
tunneling protocolrelies on SSL 3.0. At the point of the table you've shown, SSTP may not have yet be standardized and interoperability was challenging. But Microsoft, the creator of SSTP was only considering SSTP as only a tunneling protocol not yet what we think of today as a standardized SSL VPN.Cordially,
Ronnie Wong
Edutainer Manager, ITProTV*if the post above has answered the question, please mark as solved.
**All "answers" and responses are offered "as is" and my opinion. There is no implied service, support, or guarantee by ITProTV.
