@Eddiem wrote: Hello, my partner is asking if TLS1.2 is typically used for AutoVPN negotiation as well nowadays on MX devices. This document does not mention TLS version, but does mention SHA-1 and MD-5, which customer is concerned about: https://documentation.meraki.com/MX-Z/Site-to-site_VPN/Site-to-site_VPN_Settings Indeed, there are other aspects of the AutoVPN that are worrying. DH groups 1,2,5 are supported for phase 1 - yet none of these are really recommended anymore. DES and 3DES shouldn't even be options, I'm surprised they are supported. I'm not so sure SHA1 is really the security risk everyone says it is - collisions are still pretty hard to come by on it. MD5 is unacceptable though. We don't use the site to site VPN so I've never looked much in to it - but these cryptographic options leave much to be desired. I'm curious if there is an update coming soon for them, all but the oldest of the MX series should be able to support higher key spaces without an issue.
... View more