Changes between Version 12 and Version 13 of CipherNegotiation
- Timestamp:
- 08/11/20 14:02:08 (4 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
CipherNegotiation
v12 v13 9 9 10 10 == OpenVPN effective directives: 11 `--data-cipher ALG:ALG` - Data channel ciphers. [[br]]12 `--data-cipher-fallback ALG :ALG*` - Fallback data channel cipher(s) (*List?).[[br]]13 `--cipher ALG` - Data channel cipher. To be deprecated. [[br]]11 `--data-cipher ALG:ALG` - Data channel ciphers. Default `ALG` AES-256-GCM:AES-128-GCM [[br]] 12 `--data-cipher-fallback ALG` - Fallback data channel cipher.[[br]] 13 `--cipher ALG` - Data channel cipher. To be deprecated.Default `ALG` BF-CBC [[br]] 14 14 `--ncp-disable` - Disable NCP - Deprecated [[br]] 15 15 … … 31 31 32 32 == Expected Behaviour indexed by Server version: 33 === Server version 2.5 34 a. Default configuration: No effective directives specified.[[br]] 33 === Server version 2.5 - a. Default configuration: No effective directives specified.[[br]] 35 34 || `--cipher` ||= `--data-cipher` =||= `-fallback` =|| NCP || 36 || - ||= AES-256-GCM:AES-128-GCM=||= - =|| Yes ||35 || - ||= - =||= - =|| Yes || 37 36 38 37 ==== Client version 2.5 39 38 || `--cipher` ||= `--data-cipher` =||= `-fallback` =|| NCP || Connection || 40 || - ||= - =||= - =|| Yes || AES-256-GCM ||41 || AES-256-CBC ||= - =||= - =|| Yes || AES-256-GCM ||42 || BF-CBC ||= - =||= - =|| Yes || AES-256-GCM ||39 || - ||= - =||= - =|| Yes || OK. AES-256-GCM || 40 || AES-256-CBC ||= - =||= - =|| Yes || OK. AES-256-GCM || 41 || BF-CBC ||= - =||= - =|| Yes || OK. AES-256-GCM || 43 42 44 43 ==== Client version 2.4 45 || `--cipher` || = `--data-cipher` =||= `-fallback` =||NCP || Connection ||46 || - || = - =||= - =|| Yes ||AES-256-GCM ||47 || AES-256-CBC || = - =||= - =|| Yes ||AES-256-GCM ||48 || BF-CBC || = - =||= - =|| Yes ||AES-256-GCM ||44 || `--cipher` || NCP || Connection || 45 || - || Yes || OK. AES-256-GCM || 46 || AES-256-CBC || Yes || OK. AES-256-GCM || 47 || BF-CBC || Yes || OK. AES-256-GCM || 49 48 50 49 ==== Client version 2.3 51 || `--cipher` || = `--data-cipher` =||= `-fallback` =||NCP || Connection ||52 || - || = - =||= - =|| No || Fail||53 || AES-256-CBC || = - =||= - =|| No || Fail||54 || BF-CBC || = - =||= - =|| No || Fail||50 || `--cipher` || NCP || Connection || 51 || - || No || Fail. (no shared cipher) || 52 || AES-256-CBC || No || Fail. (no shared cipher) || 53 || BF-CBC || No || Fail. (no shared cipher) || 55 54 56 55 ==== Client version 2.2 57 || `--cipher` || = `--data-cipher` =||= `-fallback` =||NCP || Connection ||58 || - || = - =||= - =|| No || Fail||59 || BF-CBC || = - =||= - =|| No || Fail||56 || `--cipher` || NCP || Connection || 57 || - || No || Fail (no shared cipher) || 58 || BF-CBC || No || Fail (no shared cipher) || 60 59 61 === Server version 2.5 62 b. Using `--data-ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC:BF-CBC`[[br]] 63 || `--cipher` ||= `--data-cipher` =||= `-fallback` =|| NCP || 64 || - ||= AES-256-GCM:AES-128-GCM:AES-256-CBC:BF-CBC =||= - =|| Yes || 60 === Server version 2.5 - b. Using `--data-ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC:BF-CBC`[[br]] 61 || `--cipher` ||= `--data-cipher` =||= `-fallback` =|| NCP || 62 || - ||= AES-256-GCM:AES-128-GCM:AES-256-CBC:BF-CBC =||= - =|| Yes || 65 63 66 64 ==== Client version 2.3 67 || `--cipher` || = `--data-cipher` =||= `-fallback` =|| NCP || Connection||68 || - || = - =||= - =|| No || BF-CBC||69 || AES-256-CBC || = - =||= - =|| No ||AES-256-CBC ||70 || BF-CBC || = - =||= - =|| No || BF-CBC||65 || `--cipher` || NCP || Connection || 66 || - || No || OK. BF-CBC || 67 || AES-256-CBC || No || OK. AES-256-CBC || 68 || BF-CBC || No || OK. BF-CBC || 71 69 72 70 ==== Client version 2.2 73 || `--cipher` || = `--data-cipher` =||= `-fallback` =||NCP || Connection ||74 || - || = - =||= - =|| No ||BF-CBC ||75 || BF-CBC || = - =||= - =|| No ||BF-CBC ||71 || `--cipher` || NCP || Connection || 72 || - || No || OK. BF-CBC || 73 || BF-CBC || No || OK. BF-CBC || 76 74 77 75 ---- … … 80 78 81 79 TODO.[[br]] 82 Only effects 80 Only effects .. 83 81 84 82 [[br]]