Changes between Version 14 and Version 15 of CipherNegotiation


Timestamp: 08/11/20 14:28:59 (4 years ago)
Author: tct
Comment: --

  • CipherNegotiation

    v14 v15  
    1111`--data-ciphers ALG:ALG` - Data channel ciphers. Default `ALG` AES-256-GCM:AES-128-GCM [[br]]
    1212`--data-cipher-fallback ALG` - Fallback data channel cipher.[[br]]
    13 `--cipher ALG` - Data channel cipher. To be deprecated.Default `ALG` BF-CBC [[br]]
    14 `--ncp-disable` - Disable NCP - Deprecated [[br]]
     13`--cipher ALG` - Data channel cipher. To be deprecated.[[br]]
     14  In OpenVPN 2.5 `--cipher` does not have a default `ALG`.[[br]]
     15  In OpenVPN upto 2.4 the default `ALG` is BF-CBC.[[br]]
     16`--ncp-disable` - Disable NCP - **Deprecated**.[[br]]
    1517
    1618== Common configurations:
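Review bot: New line 15 has the typo "upto" (should be "up to"), and new lines 14-15 say `--cipher` has no default `ALG` in 2.5 without telling the reader which directive to set instead. Line 12 already defines `--data-cipher-fallback`; if that is the intended replacement, point to it from line 14 so the "To be deprecated" label on line 13 comes with a migration hint. Lines 14-15 also start with two spaces while the directive lines around them are unindented; confirm the indentation is intended.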
     
    3133
    3234== Expected Behaviour indexed by Server version:
    33 === Server version 2.5 - a. Default configuration: No effective directives specified.[[br]]
     35=== Server version 2.5
     36==== a. Default configuration: No effective directives specified.[[br]]
    3437||  `--cipher`  ||=  `--data-ciphers`          =||=  `-fallback`  =||  NCP  ||
    35 ||  -           ||=  -                        =||=  -            =||  Yes  ||
     38||  -           ||=  -                         =||=  -            =||  Yes  ||
    3639
    37 ==== Client version 2.5
     40===== Client version 2.5
    3841  ||  `--cipher`   ||=  `--data-ciphers`  =||=  `-fallback`  =||  NCP  ||  Connection  ||
    3942  ||    -          ||=  -  =||=  -  =||  Yes  ||  OK. AES-256-GCM  ||
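Review bot: The new sub-heading on line 36 keeps the trailing `[[br]]` carried over from the old combined heading (old line 33); a line-break macro at the end of a heading line is not needed and can be dropped. The edit to line 38 only adds one space inside the `--data-ciphers` cell, so it could be left out to keep this revision limited to the heading restructure.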
     
    4144  ||  BF-CBC       ||=  -  =||=  -  =||  Yes  ||  OK. AES-256-GCM  ||
    4245
    43 ==== Client version 2.4
    44   ||  `--cipher`   ||  NCP  ||  Connection  ||
     46===== Client version 2.4
     47  ||  `--cipher`   ||  NCP  ||  Connection       ||
    4548  ||  -            ||  Yes  ||  OK. AES-256-GCM  ||
    4649  ||  AES-256-CBC  ||  Yes  ||  OK. AES-256-GCM  ||
    4750  ||  BF-CBC       ||  Yes  ||  OK. AES-256-GCM  ||
    4851
    49 ==== Client version 2.3
    50   ||  `--cipher`   ||  NCP  ||  Connection  ||
    51   ||  -            ||  No  ||  Fail. (no shared cipher)  ||
    52   ||  AES-256-CBC  ||  No  ||  Fail. (no shared cipher)  ||
    53   ||  BF-CBC       ||  No  ||  Fail. (no shared cipher)  ||
     52===== Client version 2.3
     53  ||  `--cipher`   ||  NCP  ||  Connection                ||
     54  ||  -            ||  No   ||  Fail. (no shared cipher)  ||
     55  ||  AES-256-CBC  ||  No   ||  Fail. (no shared cipher)  ||
     56  ||  BF-CBC       ||  No   ||  Fail. (no shared cipher)  ||
    5457
    55 ==== Client version 2.2
    56   ||  `--cipher`   ||  NCP  ||  Connection  ||
    57   ||    -          ||  No  ||  Fail (no shared cipher)  ||
    58   ||  BF-CBC       ||  No  ||  Fail (no shared cipher)  ||
     58===== Client version 2.2
     59  ||  `--cipher`   ||  NCP  ||  Connection               ||
     60  ||    -          ||  No   ||  Fail (no shared cipher)  ||
     61  ||  BF-CBC       ||  No   ||  Fail (no shared cipher)  ||
    5962
    60 === Server version 2.5 - b. Using `--data-ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC:BF-CBC`[[br]]
     63==== b. Using `--data-ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC:BF-CBC`[[br]]
    6164||  `--cipher`  ||=  `--data-ciphers`  =||=  `-fallback`  =||  NCP  ||
    6265||  -  ||=  AES-256-GCM:AES-128-GCM:AES-256-CBC:BF-CBC  =||=  -  =||  Yes  ||
    6366
    64 ==== Client version 2.3
     67===== Client version 2.3
    6568  ||  `--cipher`   ||  NCP  ||  Connection       ||
    6669  ||  -            ||  No   ||  OK. BF-CBC       ||
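Review bot: Section b (new line 63) goes from the server table on lines 64-65 straight to "Client version 2.3" on line 67, so unlike section a it has no tables for 2.5 and 2.4 clients; either add them or say why they are omitted. New line 63 also keeps the trailing `[[br]]` on a heading line. The realigned tables still disagree on the result text: lines 54-56 read "Fail. (no shared cipher)" while lines 60-61 read "Fail (no shared cipher)"; pick one form.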
     
    6871  ||  BF-CBC       ||  No   ||  OK. BF-CBC       ||
    6972
    70 ==== Client version 2.2
     73===== Client version 2.2
    7174  ||  `--cipher`   ||  NCP  ||  Connection  ||
    7275  ||    -          ||  No   ||  OK. BF-CBC  ||