Please do not release 6.14 with SSTP still broken. 6.13 has terrible performance/throughput compared to 6.12 and this issue has persisted to the pre-releases of 6.14. http://forum.mikrotik.com/viewtopic.php?f=1&t=85568 It would also make an abundance of sense to update OpenSSL to fix the recentl...

This is a very real performance issue in 6.13 that is easily reproduced and needs to be fixed.
Thanks for writing it up in such detail.

Have you contacted Mikrotik support via their email address?

I have noticed that the performance of SSTP is not as great as it could be. I had been hoping that things would improve with 6.13 - we were told that the OpenSSL library was being updated to the latest version. This latest OpenSSL version implements cipher suites that use the ChaCha20-Poly1305 and A...

[url=http://forum.mikrotik.com/viewtopic.php ... 18#p420218]And starting 6.12 we will have updated OpenSSL library that is not affected by it.

Does this mean that we will see TLS 1.2 support in 6.12?

I was told that:

all current released RouterOS versions are not affected by this issue. 6.12 will
have newer OpenSSL with this problem patched.

I asked about this issue in ticket #2014040866000258 as soon as I became aware of the vulnerability.

I will update back here when I hear anything from MikroTik.

A SSTP tunnel that I have between two Mikrotik routers broke after the upgrade to 6.11. It is configured so that the client verifies the server certificate and the server verifies the client certificate. The certificate and server certificate derive from the same root. The root is one that I genera...

With CAPsMAN, is the Acct-Multi-Session-Id attribute included properly in the RADIUS accounting that is performed by an access point so that there is a unique and constant session id across roams?

http://tools.ietf.org/html/rfc3580#section-2.2

Thanks,

Nick

A SSTP tunnel that I have between two Mikrotik routers broke after the upgrade to 6.11. It is configured so that the client verifies the server certificate and the server verifies the client certificate. The certificate and server certificate derive from the same root. The root is one that I generat...

"Encryption negotiation rejected" on SSTP server (6.10) when SSTP client (6.7) was trying to connect. After rolling back to 6.7 everything is working fine. Is there any fix/solution for this issue, please? Thank you Is there a reason the client cannot be updated? I have SSTP working site-...

I have two RouterBoards (RB750GL and RB951G-2HnD) with a site-to-site SSTP VPN running between them, Singapore to England. The path between then is observably symmetric, high bandwidth but is intrinsically latent due to the distance. There is little jitter and no observable packet loss. I can sustai...

I notice there is a typo when you login:

[Tab] Completes the command/word. If the input is ambigous,
a second [Tab] gives possible options

I presently use SSTP for site to site VPNs between router boards. It would be fantastic if MikroTik would consider offering the following in the future: 1) Support for TLS 1.2. 2) Granular control of the cipher suites offered on the server. 3) Support for AES-GCM. This is today the recommended secur...