Opened 8 years ago
Last modified 8 years ago
#732 closed Bug / Defect
manual entry for --cipher — at Initial Version
Reported by: | krzee king | Owned by: | |
---|---|---|---|
Priority: | trivial | Milestone: | |
Component: | Documentation | Version: | OpenVPN 2.3.12 (Community Ed) |
Severity: | Not set (select this one, unless you're an OpenVPN developer) | Keywords: | |
Cc: |
Description
From the 2.3 manual:
--cipher alg Encrypt data channel packets with cipher algorithm alg. The default is BF-CBC, an abbreviation for Blowfish in Cipher Block Chaining mode. Blowfish has the advantages of being fast, very secure, and allowing key sizes of up to 448 bits. Blowfish is designed to be used in situations where keys are changed infrequently.
In light of SWEET32 this probably needs an update in wording. I assume you guys have a few things to say here about cipher negotiation, but maybe for older manuals this will work:
--cipher alg Encrypt data channel packets with cipher algorithm alg. The default in this version of OpenVPN is BF-CBC, an abbreviation for Blowfish in Cipher Block Chaining mode. Blowfish has the advantages of being fast and allowing key sizes of up to 448 bits. Blowfish was considered secure for a long time, but in 2016 the default was changed to AES after an attack against Blowfish was demonstrated in a lab. For more information, see: http://community.openvpn.net/openvpn/wiki/SWEET32
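As an added example (not part of the ticket and not OpenVPN's own code), the following check audits an OpenVPN config for the situation the ticket describes: a missing `cipher` line silently means BF-CBC on 2.3, and any explicit 64-bit block cipher is in the same SWEET32 class. The prefix list of 64-bit block cipher families and the sample configs are assumptions constructed for this illustration.

```python
import re

# Cipher-name prefixes (OpenSSL-style names) for 64-bit block ciphers, the class
# SWEET32 applies to. This list is an assumption of the example, not from the ticket.
SMALL_BLOCK_PREFIXES = ("BF-", "DES-", "DESX-", "CAST5-", "RC2-", "IDEA-")
DEFAULT_CIPHER_2_3 = "BF-CBC"  # default stated in the 2.3 manual text quoted above


def cipher_directives(config_text):
    """Yield (line_number, cipher_name) for each 'cipher' directive in a config."""
    for number, raw in enumerate(config_text.splitlines(), start=1):
        # Drop comments; cipher names never contain '#' or ';'.
        line = re.split(r"[#;]", raw, maxsplit=1)[0].strip()
        parts = line.split()
        if len(parts) >= 2 and parts[0].lstrip("-") == "cipher":
            yield number, parts[1].strip("\"'").upper()


def classify(cipher):
    """Map a cipher name to a verdict string."""
    if cipher == "NONE":
        return "no-encryption"
    if cipher.startswith(SMALL_BLOCK_PREFIXES):
        return "64-bit-block"
    return "not-flagged"


def audit(config_text):
    """Return [(line_number, cipher, verdict)]; line 0 means the implicit default."""
    found = list(cipher_directives(config_text))
    if not found:
        # No cipher line: a 2.3 peer falls back to its built-in default.
        found = [(0, DEFAULT_CIPHER_2_3)]
    return [(n, c, classify(c)) for n, c in found]


# Constructed sample configs (hostnames are placeholders).
LEGACY = "# no cipher line\ndev tun\nproto udp\nremote vpn.example.net 1194\n"
EXPLICIT = "dev tun\ncipher DES-EDE3-CBC   # 3DES, also a 64-bit block\n"
FIXED = "dev tun\ncipher AES-256-CBC\n"

if __name__ == "__main__":
    for name, text in (("legacy", LEGACY), ("explicit", EXPLICIT), ("fixed", FIXED)):
        for line_no, cipher, verdict in audit(text):
            where = "implicit default" if line_no == 0 else f"line {line_no}"
            print(f"{name}: {cipher} ({where}) -> {verdict}")
```
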