Version 32 (modified by tct, 4 years ago)

OpenVPN Cipher Negotiation (Quick reference)

This page defines the expected behaviour of data channel cipher negotiation between common configurations of OpenVPN servers and clients.

OpenVPN would like to know about any unexpected behaviour.

For full details please see:
https://github.com/OpenVPN/openvpn/blob/master/doc/man-sections/cipher-negotiation.rst

Effective directives

2.5: --data-ciphers ALG:ALG - Data channel ciphers offered for negotiation (NCP). Default AES-256-GCM:AES-128-GCM.
2.5: --data-ciphers-fallback ALG - Data channel cipher used when negotiation is not possible (the peer cannot negotiate, or nothing in --data-ciphers is shared). No default; when unset, the --cipher value (if any) serves as the fallback.
2.4: --ncp-ciphers ALG:ALG - Data channel ciphers offered for negotiation; renamed --data-ciphers in 2.5. Default AES-256-GCM:AES-128-GCM.
All: --cipher ALG - Data channel cipher. Deprecated since 2.5.

In OpenVPN 2.5 --cipher has no default ALG. A 2.5 server with neither --cipher nor --data-ciphers-fallback has nothing to offer a peer that cannot negotiate; such connections fail with "no shared cipher", and the server logs an error recommending --data-ciphers-fallback BF-CBC if the old behaviour is really wanted.
In OpenVPN up to 2.4 the default ALG is BF-CBC.

2.4: --ncp-disable - Disable NCP - Deprecated.

NCP (Negotiable Crypto Parameters) exists in 2.4 and later only. A pre-2.4 peer always uses its --cipher; a 2.4+ peer learns that cipher from the pre-2.4 peer's OCC (options consistency check) string and accepts it if it is in its own negotiable list or equals its own --cipher / fallback.

Common configurations

Commonly expected configurations of the Effective directives above.

Servers

  • Version 2.5
    1. Default configuration: No effective directives specified.
    2. Configuring:
      --data-ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC
      --cipher BF-CBC
  • Version 2.4
    1. Default configuration: No effective directives specified.
    2. Configuring: --cipher
    3. Configuring: --cipher and --ncp-disable
  • Version 2.3
    1. Default configuration: No effective directives specified.
    2. Configuring: --cipher
  • Version 2.2
    1. Default configuration: No effective directives specified.
    2. Configuring: All bets are off - Upgrade now!

Clients

  • Version 2.5
    1. Default configuration: No effective directives specified.
    2. Configuring: --cipher
  • Version 2.4
    1. Default configuration: No effective directives specified.
    2. Configuring: --cipher
  • Version 2.3
    1. Default configuration: No effective directives specified.
    2. Configuring: --cipher
  • Version 2.2
    1. Default configuration: No effective directives specified.
    2. Configuring: All bets are off - Upgrade now!

Expected Behaviour indexed by Server version

In the tables below "-" means the directive is not set (the version's default applies). NCP "Yes"/"No" says whether that side can negotiate; NCP "Denied" means the client offers NCP but the server cannot negotiate, so the client has to use its --cipher (2.4) or its --data-ciphers-fallback / --cipher (2.5).

Server version 2.5

Default configuration: No effective directives specified.

  Server:  --cipher  --data-ciphers  --data-ciphers-fallback  NCP
           -         -               -                        Yes

  • Client version 2.5
      --cipher     --data-ciphers  --data-ciphers-fallback  NCP  Connection
      -            -               -                        Yes  OK. AES-256-GCM
      AES-256-CBC  -               -                        Yes  OK. AES-256-GCM
      BF-CBC       -               -                        Yes  OK. AES-256-GCM
  • Client version 2.4
      --cipher     NCP  Connection
      -            Yes  OK. AES-256-GCM
      AES-256-CBC  Yes  OK. AES-256-GCM
      BF-CBC       Yes  OK. AES-256-GCM
  • Client version 2.3
      --cipher     NCP  Connection
      -            No   Fail (no shared cipher)
      AES-256-CBC  No   Fail (no shared cipher)
      BF-CBC       No   Fail (no shared cipher)
  • Client version 2.2
      --cipher     NCP  Connection
      -            No   Fail (no shared cipher)
      BF-CBC       No   Fail (no shared cipher)

Server version 2.5 Configuring: --data-ciphers and --cipher

  Server:  --cipher  --data-ciphers                       --data-ciphers-fallback  NCP
           BF-CBC    AES-256-GCM:AES-128-GCM:AES-256-CBC  -                        Yes

  • Client version 2.3
      --cipher     NCP  Connection
      -            No   OK. BF-CBC
      AES-256-CBC  No   OK. AES-256-CBC
      BF-CBC       No   OK. BF-CBC
  • Client version 2.2
      --cipher     NCP  Connection
      -            No   OK. BF-CBC
      BF-CBC       No   OK. BF-CBC

Server version 2.4

Default configuration: No effective directives specified.

  Server:  --cipher  --ncp-ciphers  NCP
           -         -              Yes

  • Client version 2.5
      --cipher     --data-ciphers  --data-ciphers-fallback  NCP  Connection
      -            -               -                        Yes  OK. AES-256-GCM
      AES-256-CBC  -               -                        Yes  OK. AES-256-GCM
      BF-CBC       -               -                        Yes  OK. AES-256-GCM
  • Client version 2.4
      --cipher     --ncp-ciphers  NCP  Connection
      -            -              Yes  OK. AES-256-GCM
      AES-256-CBC  -              Yes  OK. AES-256-GCM
      BF-CBC       -              Yes  OK. AES-256-GCM
  • Client version 2.3
      --cipher     NCP  Connection
      -            No   OK. BF-CBC
      AES-256-CBC  No   Fail (no shared cipher)
      BF-CBC       No   OK. BF-CBC
  • Client version 2.2
      --cipher     NCP  Connection
      -            No   OK. BF-CBC
      BF-CBC       No   OK. BF-CBC

Server version 2.4 Configuring: --cipher

  Server:  --cipher     --ncp-ciphers  NCP
           AES-256-CBC  -              Yes

  • Client version 2.5
      --cipher     --data-ciphers  --data-ciphers-fallback  NCP  Connection
      -            -               -                        Yes  OK. AES-256-GCM
      AES-256-CBC  -               -                        Yes  OK. AES-256-GCM
      BF-CBC       -               -                        Yes  OK. AES-256-GCM
  • Client version 2.4
      --cipher     --ncp-ciphers  NCP  Connection
      -            -              Yes  OK. AES-256-GCM
      AES-256-CBC  -              Yes  OK. AES-256-GCM
      BF-CBC       -              Yes  OK. AES-256-GCM
  • Client version 2.3
      --cipher     NCP  Connection
      -            No   Fail (no shared cipher)
      AES-256-CBC  No   OK. AES-256-CBC
      BF-CBC       No   Fail (no shared cipher)
  • Client version 2.2
      --cipher     NCP  Connection
      -            No   Fail (no shared cipher)
      BF-CBC       No   Fail (no shared cipher)

Server version 2.4 Configuring: --cipher and --ncp-disable

  Server:  --cipher     --ncp-ciphers  NCP
           AES-256-CBC  -              No

  • Client version 2.5
      --cipher     --data-ciphers  --data-ciphers-fallback  NCP  Connection
      -            -               -                        Yes  Fail (no shared cipher)
      AES-256-CBC  -               -                        Yes  OK. AES-256-CBC
      BF-CBC       -               -                        Yes  Fail (no shared cipher)
  • Client version 2.4
      --cipher     --ncp-ciphers  NCP  Connection
      -            -              Yes  Fail (no shared cipher)
      AES-256-CBC  -              Yes  OK. AES-256-CBC
      BF-CBC       -              Yes  Fail (no shared cipher)
  • Client version 2.3
      --cipher     NCP  Connection
      -            No   Fail (no shared cipher)
      AES-256-CBC  No   OK. AES-256-CBC
      BF-CBC       No   Fail (no shared cipher)
  • Client version 2.2
      --cipher     NCP  Connection
      -            No   Fail (no shared cipher)
      BF-CBC       No   Fail (no shared cipher)

Server version 2.3

Default configuration: No effective directives specified.

  Server:  --cipher  NCP
           -         No

  • Client version 2.5
      --cipher     --data-ciphers  --data-ciphers-fallback  NCP     Connection
      -            -               -                        Denied  Fail (no shared cipher)
      AES-256-CBC  -               -                        Denied  Fail (no shared cipher)
      BF-CBC       -               -                        Denied  OK. BF-CBC
  • Client version 2.4
      --cipher     --ncp-ciphers  NCP     Connection
      -            -              Denied  OK. BF-CBC
      AES-256-CBC  -              Denied  Fail (no shared cipher)
      BF-CBC       -              Denied  OK. BF-CBC
  • Client version 2.3
      --cipher     NCP  Connection
      -            No   OK. BF-CBC
      AES-256-CBC  No   Fail (no shared cipher)
      BF-CBC       No   OK. BF-CBC
  • Client version 2.2
      --cipher     NCP  Connection
      -            No   OK. BF-CBC
      BF-CBC       No   OK. BF-CBC

Server version 2.3 Configuring: --cipher

  Server:  --cipher     NCP
           AES-256-CBC  No

  • Client version 2.5
      --cipher     --data-ciphers  --data-ciphers-fallback  NCP     Connection
      -            -               -                        Denied  Fail (no shared cipher)
      AES-256-CBC  -               -                        Denied  OK. AES-256-CBC
      BF-CBC       -               -                        Denied  Fail (no shared cipher)
  • Client version 2.4
      --cipher     --ncp-ciphers  NCP     Connection
      -            -              Denied  Fail (no shared cipher)
      AES-256-CBC  -              Denied  OK. AES-256-CBC
      BF-CBC       -              Denied  Fail (no shared cipher)
  • Client version 2.3
      --cipher     NCP  Connection
      -            No   Fail (no shared cipher)
      AES-256-CBC  No   OK. AES-256-CBC
      BF-CBC       No   Fail (no shared cipher)
  • Client version 2.2
      --cipher     NCP  Connection
      -            No   Fail (no shared cipher)
      BF-CBC       No   Fail (no shared cipher)

Server version 2.2

Default configuration: No effective directives specified.

  Server:  --cipher  NCP
           -         No

  • Client version 2.5
      --cipher     --data-ciphers  --data-ciphers-fallback  NCP     Connection
      -            -               -                        Denied  Fail (no shared cipher)
      AES-256-CBC  -               -                        Denied  Fail (no shared cipher)
      BF-CBC       -               -                        Denied  OK. BF-CBC
  • Client version 2.4
      --cipher     --ncp-ciphers  NCP     Connection
      -            -              Denied  OK. BF-CBC
      AES-256-CBC  -              Denied  Fail (no shared cipher)
      BF-CBC       -              Denied  OK. BF-CBC
  • Client version 2.3
      --cipher     NCP  Connection
      -            No   OK. BF-CBC
      AES-256-CBC  No   Fail (no shared cipher)
      BF-CBC       No   OK. BF-CBC
  • Client version 2.2
      --cipher     NCP  Connection
      -            No   OK. BF-CBC
      BF-CBC       No   OK. BF-CBC

Server version 2.2 Configuring: --cipher

  Server:  --cipher          NCP
           CAMELLIA-128-CBC  No
  • Medal to you if you know what to do ..
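The tables above follow from a small set of rules: NCP exists only in 2.4 and later, --cipher defaults to BF-CBC before 2.5 and has no default in 2.5, a 2.5 peer offers --data-ciphers-fallback (or its --cipher) to a peer that cannot negotiate, and a negotiating peer learns a non-negotiating peer's cipher from its OCC string. The model below is an added illustration written for this page, not OpenVPN code; it encodes those rules and reproduces every row above. The appending of --cipher to the 2.5 negotiable list when --data-ciphers is not given explicitly is an assumption of the model, and it ignores what the crypto library actually provides, --enable-small builds and per-client pushed options.

```python
"""Model of OpenVPN data-channel cipher negotiation, 2.2 through 2.5.

Added illustration, not OpenVPN code. Encodes the rules the tables on this
page express and ignores crypto-library support, --enable-small builds and
options pushed per client.
"""

DEFAULT_NCP = ["AES-256-GCM", "AES-128-GCM"]  # --ncp-ciphers / --data-ciphers default


def effective(version, cfg):
    """Reduce a config to (can_negotiate, negotiable_list, single_cipher).

    cfg keys, all optional: cipher, ncp_ciphers, data_ciphers, fallback,
    ncp_disable. single_cipher is what the peer uses when NCP is not possible;
    None means it has nothing to fall back to.
    """
    cipher = cfg.get("cipher")
    if version in ("2.2", "2.3"):
        return False, [], cipher or "BF-CBC"
    if version == "2.4":
        return (not cfg.get("ncp_disable"),
                list(cfg.get("ncp_ciphers") or DEFAULT_NCP),
                cipher or "BF-CBC")
    if version == "2.5":
        ncp = list(cfg.get("data_ciphers") or DEFAULT_NCP)
        # Assumed 2.5 compatibility rule: --cipher is appended to the
        # negotiable list when --data-ciphers was not given explicitly.
        if cipher and not cfg.get("data_ciphers") and cipher not in ncp:
            ncp.append(cipher)
        # No --cipher and no --data-ciphers-fallback: no fallback at all.
        return True, ncp, cfg.get("fallback") or cipher
    raise ValueError("unknown version %s" % version)


def negotiate(server_version, server_cfg, client_version, client_cfg):
    """Cipher both sides end up with, or None for 'Fail (no shared cipher)'."""
    s_ncp, s_list, s_single = effective(server_version, server_cfg)
    c_ncp, c_list, c_single = effective(client_version, client_cfg)

    if s_ncp and c_ncp:
        # Real NCP: the server takes the first entry of its own list that the
        # client also offers. The tables do not cover 'no common entry'; a real
        # server may still try its single cipher there, this model does not.
        for alg in s_list:
            if alg in c_list:
                return alg
        return None

    if s_ncp:
        # Client cannot negotiate. The server reads the client's cipher from
        # its OCC string and accepts it if it is in the server's list or equals
        # the server's single cipher (poor man's NCP).
        if c_single in s_list or c_single == s_single:
            return c_single
        return None

    # Server cannot negotiate (pre-2.4 or --ncp-disable): its single cipher is
    # the only offer. The client accepts it if it is in the client's list or
    # equals the client's single cipher.
    if s_single is not None and (s_single in c_list or s_single == c_single):
        return s_single
    return None


# The client configurations enumerated in the tables on this page.
PAGE_CLIENTS = {
    "2.5": [{}, {"cipher": "AES-256-CBC"}, {"cipher": "BF-CBC"}],
    "2.4": [{}, {"cipher": "AES-256-CBC"}, {"cipher": "BF-CBC"}],
    "2.3": [{}, {"cipher": "AES-256-CBC"}, {"cipher": "BF-CBC"}],
    "2.2": [{}, {"cipher": "BF-CBC"}],
}


def describe(alg):
    return "OK. %s" % alg if alg else "Fail (no shared cipher)"


def table(server_version, server_cfg):
    """Rows (client version, client --cipher, outcome) in the page's layout."""
    return [(cv, ccfg.get("cipher", "-"),
             describe(negotiate(server_version, server_cfg, cv, ccfg)))
            for cv, cfgs in PAGE_CLIENTS.items() for ccfg in cfgs]


if __name__ == "__main__":
    servers = [
        ("2.5", {}),
        ("2.5", {"cipher": "BF-CBC",
                 "data_ciphers": ["AES-256-GCM", "AES-128-GCM", "AES-256-CBC"]}),
        ("2.4", {}),
        ("2.4", {"cipher": "AES-256-CBC"}),
        ("2.4", {"cipher": "AES-256-CBC", "ncp_disable": True}),
        ("2.3", {}),
        ("2.3", {"cipher": "AES-256-CBC"}),
        ("2.2", {}),
        ("2.2", {"cipher": "CAMELLIA-128-CBC"}),
    ]
    for sv, scfg in servers:
        print("Server %s %s" % (sv, scfg or "default"))
        for cv, ccipher, outcome in table(sv, scfg):
            print("  client %s --cipher %-17s %s" % (cv, ccipher, outcome))
```

Run as a script it prints one table per server configuration listed on this page. For the CAMELLIA-128-CBC server above, the model gives the same answer the rules do: a 2.5 client needs --data-ciphers-fallback CAMELLIA-128-CBC (or --cipher CAMELLIA-128-CBC), a 2.4 or older client needs --cipher CAMELLIA-128-CBC, and everything else fails with "no shared cipher".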

Corner case: OpenVPN built with --enable-small

TODO.
Only affects .. ?
(Note: --enable-small builds leave out OCC, the options consistency check string that a 2.4+ peer uses to learn a non-negotiating peer's --cipher, so the "poor man's NCP" rows above are the ones to re-check.)


And some fun ;-) An early version of the table:

  --cipher (Client/Server)  --data-cipher (Client/Server)  -fallback (Client/Server)  NCP  Expected
  -  -  -  AES-256-GCM:AES-128-GCM  YES  YES  OK

Even ..