Changes between Version 17 and Version 18 of CipherNegotiation

Timestamp:

08/11/20 16:08:13 (4 years ago)

Author:

tct

Comment:

--

CipherNegotiation

@@ -4 +4 @@
 For full details please see: [[br]]
 https://github.com/OpenVPN/openvpn/blob/master/doc/man-sections/cipher-negotiation.rst
-
 
 [[TOC(notitle, inline)]]
@@ -17 +16 @@
 
 == Common configurations
+Commonly expected configurations of the ''Effective directives'' above.
 === Servers
-  a. Version 2.5
-    i. Default configuration: No effective directives specified.[[br]]
-    i. Using `--data-ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC:BF-CBC`[[br]]
-    [[br]]
-  a. Version 2.4
-    i. Default configuration: No effective directives specified.[[br]]
-    i. Using `--cipher AES-256-CBC`[[br]]
-    i. Using `--cipher AES-256-CBC` & `--ncp-disable`[[br]]
-    [[br]]
-  a. Version 2.3
-    i. Default configuration: No effective directives specified.[[br]]
-    i. Using `--cipher AES-256-CBC`[[br]]
-    [[br]]
-  a. Version 2.2
-    i. Default configuration: No effective directives specified.[[br]]
-    i. All bets are off.[[br]]
+  * Version 2.5
+    a. Default configuration: No effective directives specified.[[br]]
+    a. Using: `--data-ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC:BF-CBC`[[br]]
+
+  * Version 2.4
+    a. Default configuration: No effective directives specified.[[br]]
+    a. Using: `--cipher AES-256-CBC`[[br]]
+    a. Using: `--cipher AES-256-CBC` & `--ncp-disable`[[br]]
+
+  * Version 2.3
+    a. Default configuration: No effective directives specified.[[br]]
+    a. Using: `--cipher AES-256-CBC`[[br]]
+
+  * Version 2.2
+    a. Default configuration: No effective directives specified.[[br]]
+    a. All bets are off.[[br]]
 
 === Clients
-  a. Version 2.5
-    i. Default configuration: No effective directives specified.[[br]]
-    [[br]]
-  a. Version 2.4
-    i. Default configuration: No effective directives specified.[[br]]
-    [[br]]
-  a. Version 2.3
-    i. Default configuration: No effective directives specified.[[br]]
-    [[br]]
-  a. Version 2.2
-    i. Default configuration: No effective directives specified.[[br]]
+  * Version 2.5
+    a. Default configuration: No effective directives specified.[[br]]
+
+  * Version 2.4
+    a. Default configuration: No effective directives specified.[[br]]
+    a. Using: `--cipher AES-256-CBC`[[br]]
+
+  * Version 2.3
+    a. Default configuration: No effective directives specified.[[br]]
+    a. Using: `--cipher AES-256-CBC`[[br]]
+
+  * Version 2.2
+    a. Default configuration: No effective directives specified.[[br]]
+    a. All bets are off.[[br]]
 
 == Expected Behaviour indexed by Server version
@@ -59 +62 @@
   ||  AES-256-CBC  ||=  -  =||=  -  =||  Yes  ||  OK. AES-256-GCM  ||
   ||  BF-CBC       ||=  -  =||=  -  =||  Yes  ||  OK. AES-256-GCM  ||
+
     * __Client version 2.4__
   ||  `--cipher`   ||  NCP  ||  Connection       ||
@@ -64 +68 @@
   ||  AES-256-CBC  ||  Yes  ||  OK. AES-256-GCM  ||
   ||  BF-CBC       ||  Yes  ||  OK. AES-256-GCM  ||
+
     * __Client version 2.3__
   ||  `--cipher`   ||  NCP  ||  Connection                ||
@@ -69 +74 @@
   ||  AES-256-CBC  ||  No   ||  Fail. (no shared cipher)  ||
   ||  BF-CBC       ||  No   ||  Fail. (no shared cipher)  ||
+
     * __Client version 2.2__
   ||  `--cipher`   ||  NCP  ||  Connection               ||
@@ -83 +89 @@
   ||  AES-256-CBC  ||  No   ||  OK. AES-256-CBC  ||
   ||  BF-CBC       ||  No   ||  OK. BF-CBC       ||
+
     * __Client version 2.2__
   ||  `--cipher`   ||  NCP  ||  Connection  ||
@@ -93 +100 @@
 ||  -           ||=  -                     =||  Yes  ||
 
-    i. Client version 2.5
+    * __Client version 2.5__
   ||  `--cipher`   ||=  `--data-ciphers`  =||=  `-fallback`  =||  NCP  ||  Connection  ||
   ||    -          ||=  -  =||=  -  =||  Yes  ||  OK. AES-256-GCM  ||
@@ -99 +106 @@
   ||  BF-CBC       ||=  -  =||=  -  =||  Yes  ||  OK. AES-256-GCM  ||
 
-    i. Client version 2.4
+    * __Client version 2.4__
   ||  `--cipher`   ||=  `--ncp-ciphers`       =||  NCP  ||  Connection       ||
   ||  -            ||=  -  =||  Yes  ||  OK. AES-256-GCM  ||
@@ -105 +112 @@
   ||  BF-CBC       ||=  -  =||  Yes  ||  OK. AES-256-GCM  ||
 
+    * __Client version 2.3__
+  ||  `--cipher`   ||  NCP  ||  Connection  ||
+  ||  -            ||  No   ||  OK. BF-CBC  ||
+  ||  AES-256-CBC  ||  No   ||  Fail (no shared cipher)  ||
+  ||  BF-CBC       ||  No   ||  OK. BF-CBC  ||
+
+    * __Client version 2.2__
+  ||  `--cipher`   ||  NCP  ||  Connection  ||
+  ||    -          ||  No   ||  OK. BF-CBC  ||
+  ||  BF-CBC       ||  No   ||  OK. BF-CBC  ||
+
+=== Server version 2.4
+==== Using: `--cipher AES-256-CBC`[[br]]
+||  `--cipher`   ||=  `--ncp-ciphers`       =||  NCP  ||
+||  AES-256-CBC  ||=  -                     =||  Yes  ||
+
+    * __Client version 2.5__
+  ||  `--cipher`   ||=  `--data-ciphers`  =||=  `-fallback`  =||  NCP  ||  Connection  ||
+  ||    -          ||=  -  =||=  -  =||  Yes  ||  OK. AES-256-GCM  ||
+  ||  AES-256-CBC  ||=  -  =||=  -  =||  Yes  ||  OK. AES-256-GCM  ||
+  ||  BF-CBC       ||=  -  =||=  -  =||  Yes  ||  OK. AES-256-GCM  ||
+
+    * __Client version 2.4__
+  ||  `--cipher`   ||=  `--ncp-ciphers`       =||  NCP  ||  Connection       ||
+  ||  -            ||=  -  =||  Yes  ||  OK. AES-256-GCM  ||
+  ||  AES-256-CBC  ||=  -  =||  Yes  ||  OK. AES-256-GCM  ||
+  ||  BF-CBC       ||=  -  =||  Yes  ||  OK. AES-256-GCM  ||
+
+    * __Client version 2.3__
+  ||  `--cipher`   ||  NCP  ||  Connection  ||
+  ||  -            ||  No   ||  OK. BF-CBC  ||
+  ||  AES-256-CBC  ||  No   ||  Fail (no shared cipher)  ||
+  ||  BF-CBC       ||  No   ||  OK. BF-CBC  ||
+
+    * __Client version 2.2__
+  ||  `--cipher`   ||  NCP  ||  Connection  ||
+  ||    -          ||  No   ||  OK. BF-CBC  ||
+  ||  BF-CBC       ||  No   ||  OK. BF-CBC  ||
+
+=== Server version 2.4
+==== Using: `--cipher AES-256-CBC` & `--ncp-disable`[[br]]
+||  `--cipher`   ||=  `--ncp-ciphers`       =||  NCP  ||
+||  AES-256-CBC  ||=  -                     =||  No  ||
+
+    * __Client version 2.5__
+  ||  `--cipher`   ||=  `--data-ciphers`  =||=  `-fallback`  =||  NCP  ||  Connection  ||
+  ||    -          ||=  -  =||=  -  =||  Yes  ||  Fail (no shared cipher)  ||
+  ||  AES-256-CBC  ||=  -  =||=  -  =||  Yes  ||  OK. AES-256-CBC  ||
+  ||  BF-CBC       ||=  -  =||=  -  =||  Yes  ||  Fail (no shared cipher)  ||
+
+    * __Client version 2.4__
+  ||  `--cipher`   ||=  `--ncp-ciphers`       =||  NCP  ||  Connection       ||
+  ||  -            ||=  -  =||  Yes  ||  Fail (no shared cipher)  ||
+  ||  AES-256-CBC  ||=  -  =||  Yes  ||  OK. AES-256-CBC  ||
+  ||  BF-CBC       ||=  -  =||  Yes  ||  Fail (no shared cipher)  ||
+
+    * __Client version 2.3__
+  ||  `--cipher`   ||  NCP  ||  Connection  ||
+  ||  -            ||  No   ||  OK. BF-CBC  ||
+  ||  AES-256-CBC  ||  No   ||  OK. AES-256-CBC  ||
+  ||  BF-CBC       ||  No   ||  OK. BF-CBC  ||
+
+    * __Client version 2.2__
+  ||  `--cipher`   ||  NCP  ||  Connection  ||
+  ||    -          ||  No   ||  OK. BF-CBC  ||
+  ||  BF-CBC       ||  No   ||  OK. BF-CBC  ||
+
 
 ----