Changes between Version 14 and Version 15 of CipherNegotiation
- Timestamp:
- 08/11/20 14:28:59 (4 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
CipherNegotiation
v14 v15 11 11 `--data-ciphers ALG:ALG` - Data channel ciphers. Default `ALG` AES-256-GCM:AES-128-GCM [[br]] 12 12 `--data-cipher-fallback ALG` - Fallback data channel cipher.[[br]] 13 `--cipher ALG` - Data channel cipher. To be deprecated.Default `ALG` BF-CBC [[br]] 14 `--ncp-disable` - Disable NCP - Deprecated [[br]] 13 `--cipher ALG` - Data channel cipher. To be deprecated.[[br]] 14 In OpenVPN 2.5 `--cipher` does not have a default `ALG`.[[br]] 15 In OpenVPN upto 2.4 the default `ALG` is BF-CBC.[[br]] 16 `--ncp-disable` - Disable NCP - **Deprecated**.[[br]] 15 17 16 18 == Common configurations: … … 31 33 32 34 == Expected Behaviour indexed by Server version: 33 === Server version 2.5 - a. Default configuration: No effective directives specified.[[br]] 35 === Server version 2.5 36 ==== a. Default configuration: No effective directives specified.[[br]] 34 37 || `--cipher` ||= `--data-ciphers` =||= `-fallback` =|| NCP || 35 || - ||= - =||= - =|| Yes ||38 || - ||= - =||= - =|| Yes || 36 39 37 ==== Client version 2.540 ===== Client version 2.5 38 41 || `--cipher` ||= `--data-ciphers` =||= `-fallback` =|| NCP || Connection || 39 42 || - ||= - =||= - =|| Yes || OK. AES-256-GCM || … … 41 44 || BF-CBC ||= - =||= - =|| Yes || OK. AES-256-GCM || 42 45 43 ==== Client version 2.444 || `--cipher` || NCP || Connection ||46 ===== Client version 2.4 47 || `--cipher` || NCP || Connection || 45 48 || - || Yes || OK. AES-256-GCM || 46 49 || AES-256-CBC || Yes || OK. AES-256-GCM || 47 50 || BF-CBC || Yes || OK. AES-256-GCM || 48 51 49 ==== Client version 2.350 || `--cipher` || NCP || Connection ||51 || - || No || Fail. (no shared cipher) ||52 || AES-256-CBC || No || Fail. (no shared cipher) ||53 || BF-CBC || No || Fail. (no shared cipher) ||52 ===== Client version 2.3 53 || `--cipher` || NCP || Connection || 54 || - || No || Fail. (no shared cipher) || 55 || AES-256-CBC || No || Fail. (no shared cipher) || 56 || BF-CBC || No || Fail. (no shared cipher) || 54 57 55 ==== Client version 2.256 || `--cipher` || NCP || Connection ||57 || - || No || Fail (no shared cipher) ||58 || BF-CBC || No || Fail (no shared cipher) ||58 ===== Client version 2.2 59 || `--cipher` || NCP || Connection || 60 || - || No || Fail (no shared cipher) || 61 || BF-CBC || No || Fail (no shared cipher) || 59 62 60 === Server version 2.5 -b. Using `--data-ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC:BF-CBC`[[br]]63 ==== b. Using `--data-ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC:BF-CBC`[[br]] 61 64 || `--cipher` ||= `--data-ciphers` =||= `-fallback` =|| NCP || 62 65 || - ||= AES-256-GCM:AES-128-GCM:AES-256-CBC:BF-CBC =||= - =|| Yes || 63 66 64 ==== Client version 2.367 ===== Client version 2.3 65 68 || `--cipher` || NCP || Connection || 66 69 || - || No || OK. BF-CBC || … … 68 71 || BF-CBC || No || OK. BF-CBC || 69 72 70 ==== Client version 2.273 ===== Client version 2.2 71 74 || `--cipher` || NCP || Connection || 72 75 || - || No || OK. BF-CBC ||