Is SSL VPN dead?

Is SSL VPN dead? This is the question many businesses and professionals are asking in the later stages of 2025. Before we dive deeper, we need to understand what SSL VPN is? What it does? Why vendors are dropping it (or are they)? What are the alternatives?

What is SSL VPN?

SSL VPN stands for Secure Socket Layer Virtual Private Network. The technology is comprised of either the Secure Socket Layer or Transport Layer Security (TLS) protocols. In recent times TLS is more commonly used due to its improved security. TLS 1.3 is the latest and most recommended release.

What it does?

One of the most common use cases for SSL VPN is for remote working. SSL VPN working in this manner is known Remote Access VPN (RAVPN). Since the pandemic the workforce has become more mobile. Subsequently, spending less time in the office directly connected to business services and infrastructure.

SSL VPN allows users to remotely access infrastructure and services which are typically hosted in an on premise data centre or private cloud belonging to the company.. Employees likely have a client installed on their device which allows them to authenticate and build an encrypted SSL tunnel to the business data centre. Within this tunnel data flows to and from the client providing end to end security.

Why are vendors dropping it?

It's no secret now that a number of the leading security vendors are dropping support for SSL VPN in later software and hardware releases. The main reason for this due to the inherent insecure nature of SSL VPN and how its built on these security platforms. Multiple major CVE's are disclosed every year. The constant fire fighting has caused some vendors to no longer continue development and allocate resources to their SASE solutions. More to follow on SASE. The latest CVEs can be found for all vendors at cve.org.

What are the alternatives?

There are a number of alternative solutions to SSL VPN for remote working. Some of these include IPSEC VPN and SASE. Albeit these are viable options, they don't come without their own caveats.

IPSEC VPN

IPSEC VPN used in a few different ways with remote access vpns being one of them. Internet Protocol Security (IPSEC) uses a suite of protocols to secure the authenticity, authorisation and integrity of data. An encrypted tunnel is created just like SSL for data transfer.

Although it's a very common suite of protocols supported by most vendors, it does come with some drawbacks when implementing into a mobile work force. One of the big roadblocks is the protocols use of port UDP4500. As IPSEC is used for B2B vpn connectivity many public networks block UDP4500. This is troublesome if your have a remote worker trying to remote into the company network whilst connected to a public network such as an airport

Some vendors allow IPSEC VPNS to established over TCP443 which is more widely accepted but is less supported by security vendors.

Secure Access Security Edge (SASE)

SASE is the latest terminology pushed by vendors. SASE is actually a suite of security products which include firewall as a service, SD-WAN and CASB services. For the purpose of this blog we'll be focusing on Zero Touch Network Access (ZTNA).

The zero trust model using the constant application verification model rather than a single authentication model. This means instead of logging into a vpn client and broadly accessing company wide network, a users device dynamically creates application specific tunnels. When connectivity to an application is no longer required the tunnel terminated, requiring further verification for further access.

Not only is this more secure, this also offers a more seamless experience for the users. Not having to worry whether you should be on or off the vpn to access a specific application is positive.

Comparison

As mention above, we know vendors are and have dropped support for SSL in later software and hardware releases. But we've already heard of a comeback on the grapes.

As we draw this blog to a conclusion, we'd like to heard your opinion. Is SSL VPN really dead?