Opened 8 years ago

Closed 8 years ago

#762 closed Feature Wish (fixed)

want [AEAD] notice in log

Reported by: Gert Döring
Owned by: Gert Döring
Priority: major
Milestone: release 2.4
Component: Generic / unclassified
Version: OpenVPN 2.4_alpha2 (Community Ed)
Severity: Not set (select this one, unless you're an OpenVPN developer)
Keywords:


This client refuses to do NCP...

Nov  7 11:35:34 fbsd93 openvpn[93232]: OpenVPN 2.4_alpha2 amd64-portbld-freebsd9.3 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [IPv6] built on Nov  6 2016
Nov  7 11:35:34 fbsd93 openvpn[93232]: library versions: OpenSSL 0.9.8zh-freebsd 3 Dec 2015, LZO 2.09

and unless one *knows* that this openssl version is old enough to not have the needed bits for AEAD, it's a bit tricky to debug why it ends up with

Nov  7 11:35:36 fbsd93 openvpn[93233]: WARNING: INSECURE cipher with block size less than 128 bit (64 bit).  This allows attacks like SWEET32.  Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).

feature wanted!

Change History (2)

comment:1 Changed 8 years ago by Gert Döring

Owner: set to Gert Döring
Status: new → accepted

comment:2 Changed 8 years ago by Gert Döring

Resolution: fixed
Status: accepted → closed

commit 2391a3ab08227a061a7f561e26b9688f6ba80e70
Author: Gert Doering
Date: Mon Nov 7 11:50:52 2016 +0100

openvpn version line: remove [IPv6], add [AEAD] if available

... that was a quick one :)
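
An added example, not part of the ticket or of OpenVPN's code: a log audit that ties the small-block (SWEET32) warning to a version banner that lacks [AEAD]. The first three sample lines are the ones quoted in the ticket; the fourth (host `newer`) is constructed, and the position of [AEAD] within its banner is an assumption.

```python
import re

# First three lines: quoted in the ticket. Fourth line: constructed, tag order assumed.
SAMPLE_LOG = """\
Nov  7 11:35:34 fbsd93 openvpn[93232]: OpenVPN 2.4_alpha2 amd64-portbld-freebsd9.3 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [IPv6] built on Nov  6 2016
Nov  7 11:35:34 fbsd93 openvpn[93232]: library versions: OpenSSL 0.9.8zh-freebsd 3 Dec 2015, LZO 2.09
Nov  7 11:35:36 fbsd93 openvpn[93233]: WARNING: INSECURE cipher with block size less than 128 bit (64 bit).  This allows attacks like SWEET32.  Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
Nov  7 12:00:00 newer openvpn[4242]: OpenVPN 2.4_alpha2 amd64-portbld-freebsd9.3 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Nov  7 2016
"""

LINE = re.compile(r"^\w{3}\s+\d+ [\d:]+ (?P<host>\S+) openvpn\[\d+\]: (?P<msg>.*)$")
BANNER = re.compile(r"^OpenVPN \S+ \S+ (?P<tags>(?:\[[^\]]*\]\s*)+)built on")
SMALL_BLOCK = "INSECURE cipher with block size less than 128 bit"

def audit(log_text):
    """Collect per-host state. Keyed by host, not PID: in the ticket's own
    lines the banner is logged by PID 93232 and the warning by PID 93233."""
    hosts = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not an openvpn syslog line
        h = hosts.setdefault(m["host"], {"aead": None, "library": None, "small_block": False})
        msg, banner = m["msg"], BANNER.match(m["msg"])
        if banner:
            h["aead"] = "AEAD" in re.findall(r"\[([^\]]*)\]", banner["tags"])
        elif msg.startswith("library versions: "):
            h["library"] = msg[len("library versions: "):]
        elif SMALL_BLOCK in msg:
            h["small_block"] = True
    return hosts

def findings(hosts):
    """Report hosts that fell back to a 64-bit block cipher, with the likely cause."""
    out = []
    for host, h in sorted(hosts.items()):
        if h["small_block"] and h["aead"] is False:
            out.append(f"{host}: 64-bit block cipher, build has no [AEAD] ({h['library']})")
        elif h["small_block"]:
            out.append(f"{host}: 64-bit block cipher, check the --cipher setting")
    return out

if __name__ == "__main__":
    print("\n".join(findings(audit(SAMPLE_LOG))))
```

A missing [AEAD] tag is only meaningful on builds that include the commit above; the ticket's own banner predates it, so there the `library versions:` line is the evidence to read.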
