id summary reporter owner description type status priority milestone component version severity resolution keywords cc 168 "Cipher block modes other than CBC fail with error ""Assertion failed at crypto.c:161""" ard "Using a cipher algorithm with any cipher block modes other than CBC results in error ""Assertion failed at crypto.c:161"" shortly after connection is established. The connection is aborted. This happens both with TLS and with shared secret modes. Thus, only CBC mode is functional for OpenVPN currently. This has been tested on a CentOS 5.7 box running rpmforge's openvpn-2.2.0-3.el5.rf package both as a server and client. This problem has also been seen using that server with a Windows XP client running the official openvpn-2.2.1-install.exe binary. The error message appears both on the server and the client. (In my tests, usually the client is the first to abort with it, and then the server will do the same). This is very easy to test with the provided sample keys and configurations. Shared secret operations can be tested with: openvpn --test-crypto --secret sample-keys/ta.key --cipher $CIPHER TLS operation can be tested with: openvpn --config sample-config-files/loopback-client --cipher $CIPHER & openvpn --config sample-config-files/loopback-server --cipher $CIPHER Of course, here the CIPHER environment variable should contain the cipher name to be tested, and this should be repeated over all of the ciphers reported by openvpn --show-ciphers . " Bug / Defect closed major Crypto OpenVPN 2.2.0 (Community Ed) Not set (select this one, unless your'e a OpenVPN developer) duplicate CFB OFB cipher block assertion