Version 42 (modified by tct, 4 years ago)

OpenVPN Cipher Negotiation (Quick reference)

This page defines the expected cipher negotiation behaviour between common configurations of OpenVPN servers and clients.

OpenVPN would like to know about any behaviour that differs from what is listed here.

For full details please see:
https://github.com/OpenVPN/openvpn/blob/master/doc/man-sections/cipher-negotiation.rst

Effective directives

  2.5:  --data-ciphers ALG:ALG        Data channel ciphers. Default: AES-256-GCM:AES-128-GCM
  2.5:  --data-ciphers-fallback ALG   Fallback data channel cipher.
  All:  --cipher ALG                  Data channel cipher. Will be deprecated.

In OpenVPN 2.5 --cipher does not have a default ALG.
In OpenVPN up to 2.4 the default ALG is BF-CBC.

  2.4:  --ncp-disable                 Disable NCP. Deprecated.

Common configurations

Commonly expected configurations of the Effective directives above.

Servers

  • Version 2.5
    1. Default configuration: No effective directives specified.
    2. Configuring: --data-ciphers and --cipher
  • Version 2.4
    1. Default configuration: No effective directives specified.
    2. Configuring: --cipher
    3. Configuring: --cipher and --ncp-disable
  • Version 2.3
    1. Default configuration: No effective directives specified.
    2. Configuring: --cipher
  • Version 2.2
    1. Default configuration: No effective directives specified.
    2. Configuring: All bets are off - Upgrade now!

Clients

  • Version 2.5
    1. Default configuration: No effective directives specified.
  • Version 2.4
    1. Default configuration: No effective directives specified.
    2. Configuring: --cipher
  • Version 2.3
    1. Default configuration: No effective directives specified.
    2. Configuring: --cipher
  • Version 2.2
    1. Default configuration: No effective directives specified.
    2. Configuring: All bets are off - Upgrade now!

Expected Behaviour indexed by Server version

Server version 2.5

Default configuration: No effective directives specified.

  --cipher      --data-ciphers   --data-ciphers-fallback   NCP
  -             -                -                         Yes

  • Client version 2.5
    --cipher      --data-ciphers   --data-ciphers-fallback   NCP      Connection
    -             -                -                         Yes      OK. AES-256-GCM
    AES-256-CBC   -                -                         Yes      OK. AES-256-GCM
    BF-CBC        -                -                         Yes      OK. AES-256-GCM
  • Client version 2.4
    --cipher      NCP      Connection
    -             Yes      OK. AES-256-GCM
    AES-256-CBC   Yes      OK. AES-256-GCM
    BF-CBC        Yes      OK. AES-256-GCM
  • Client version 2.3
    --cipher      NCP      Connection
    -             No       Fail (no shared cipher)
    AES-256-CBC   No       Fail (no shared cipher)
    BF-CBC        No       Fail (no shared cipher)
  • Client version 2.2
    --cipher      NCP      Connection
    -             No       Fail (no shared cipher)
    AES-256-CBC   No       Fail (no shared cipher)
    BF-CBC        No       Fail (no shared cipher)

Server version 2.5 Configuring: --data-ciphers and --cipher

  --cipher      --data-ciphers                        --data-ciphers-fallback   NCP
  BF-CBC        AES-256-GCM:AES-128-GCM:AES-256-CBC   -                         Yes

  • Client version 2.3
    --cipher      NCP      Connection
    -             No       Weak BF-CBC
    AES-256-CBC   No       OK. AES-256-CBC
    BF-CBC        No       Weak BF-CBC
  • Client version 2.2
    --cipher      NCP      Connection
    -             No       Weak BF-CBC
    AES-256-CBC   No       OK. AES-256-CBC
    BF-CBC        No       Weak BF-CBC

Server version 2.4

Default configuration: No effective directives specified.

  --cipher      --ncp-ciphers   NCP
  -             -               Yes

  • Client version 2.5
    --cipher      --data-ciphers   --data-ciphers-fallback   NCP      Connection
    -             -                -                         Yes      OK. AES-256-GCM
    AES-256-CBC   -                -                         Yes      OK. AES-256-GCM
    BF-CBC        -                -                         Yes      OK. AES-256-GCM
  • Client version 2.4
    --cipher      --ncp-ciphers   NCP      Connection
    -             -               Yes      OK. AES-256-GCM
    AES-256-CBC   -               Yes      OK. AES-256-GCM
    BF-CBC        -               Yes      OK. AES-256-GCM
  • Client version 2.3
    --cipher      NCP      Connection
    -             No       Weak BF-CBC
    AES-256-CBC   No       Fail (no shared cipher)
    BF-CBC        No       Weak BF-CBC
  • Client version 2.2
    --cipher      NCP      Connection
    -             No       Weak BF-CBC
    AES-256-CBC   No       Fail (no shared cipher)
    BF-CBC        No       Weak BF-CBC

Server version 2.4 Configuring: --cipher

  --cipher      --ncp-ciphers   NCP
  AES-256-CBC   -               Yes

  • Client version 2.5
    --cipher      --data-ciphers   --data-ciphers-fallback   NCP      Connection
    -             -                -                         Yes      OK. AES-256-GCM
    AES-256-CBC   -                -                         Yes      OK. AES-256-GCM
    BF-CBC        -                -                         Yes      OK. AES-256-GCM
  • Client version 2.4
    --cipher      --ncp-ciphers   NCP      Connection
    -             -               Yes      OK. AES-256-GCM
    AES-256-CBC   -               Yes      OK. AES-256-GCM
    BF-CBC        -               Yes      OK. AES-256-GCM
  • Client version 2.3
    --cipher      NCP      Connection
    -             No       Fail (no shared cipher)
    AES-256-CBC   No       OK. AES-256-CBC
    BF-CBC        No       Fail (no shared cipher)
  • Client version 2.2
    --cipher      NCP      Connection
    -             No       Fail (no shared cipher)
    AES-256-CBC   No       OK. AES-256-CBC
    BF-CBC        No       Fail (no shared cipher)

Server version 2.4 Configuring: --cipher and --ncp-disable

  --cipher      --ncp-ciphers   NCP
  AES-256-CBC   -               No

  • Client version 2.5
    --cipher      --data-ciphers   --data-ciphers-fallback   NCP      Connection
    -             -                -                         Denied   Fail (no shared cipher)
    AES-256-CBC   -                -                         Denied   OK. AES-256-CBC
    BF-CBC        -                -                         Denied   Fail (no shared cipher)
  • Client version 2.4
    --cipher      --ncp-ciphers   NCP      Connection
    -             -               Denied   Fail (no shared cipher)
    AES-256-CBC   -               Denied   OK. AES-256-CBC
    BF-CBC        -               Denied   Fail (no shared cipher)
  • Client version 2.3
    --cipher      NCP      Connection
    -             No       Fail (no shared cipher)
    AES-256-CBC   No       OK. AES-256-CBC
    BF-CBC        No       Fail (no shared cipher)
  • Client version 2.2
    --cipher      NCP      Connection
    -             No       Fail (no shared cipher)
    AES-256-CBC   No       OK. AES-256-CBC
    BF-CBC        No       Fail (no shared cipher)

Server version 2.3

Default configuration: No effective directives specified.

  --cipher      NCP
  -             No

  • Client version 2.5
    --cipher      --data-ciphers   --data-ciphers-fallback   NCP      Connection
    -             -                -                         Denied   Fail (no shared cipher)
    AES-256-CBC   -                -                         Denied   Fail (no shared cipher)
    BF-CBC        -                -                         Denied   Weak BF-CBC
  • Client version 2.4
    --cipher      --ncp-ciphers   NCP      Connection
    -             -               Denied   Fail (no shared cipher)
    AES-256-CBC   -               Denied   Fail (no shared cipher)
    BF-CBC        -               Denied   Weak BF-CBC
  • Client version 2.3
    --cipher      NCP      Connection
    -             No       Weak BF-CBC
    AES-256-CBC   No       Fail (no shared cipher)
    BF-CBC        No       Weak BF-CBC
  • Client version 2.2
    --cipher      NCP      Connection
    -             No       Weak BF-CBC
    AES-256-CBC   No       Fail (no shared cipher)
    BF-CBC        No       Weak BF-CBC

Server version 2.3 Configuring: --cipher

  --cipher      NCP
  AES-256-CBC   No

  • Client version 2.5
    --cipher      --data-ciphers   --data-ciphers-fallback   NCP      Connection
    -             -                -                         Denied   Fail (no shared cipher)
    AES-256-CBC   -                -                         Denied   OK. AES-256-CBC
    BF-CBC        -                -                         Denied   Fail (no shared cipher)
  • Client version 2.4
    --cipher      --ncp-ciphers   NCP      Connection
    -             -               Denied   Fail (no shared cipher)
    AES-256-CBC   -               Denied   OK. AES-256-CBC
    BF-CBC        -               Denied   Fail (no shared cipher)
  • Client version 2.3
    --cipher      NCP      Connection
    -             No       Fail (no shared cipher)
    AES-256-CBC   No       OK. AES-256-CBC
    BF-CBC        No       Fail (no shared cipher)
  • Client version 2.2
    --cipher      NCP      Connection
    -             No       Fail (no shared cipher)
    AES-256-CBC   No       OK. AES-256-CBC
    BF-CBC        No       Fail (no shared cipher)

Server version 2.2

Default configuration: No effective directives specified.

  --cipher      NCP
  -             No

  • Client version 2.5
    --cipher      --data-ciphers   --data-ciphers-fallback   NCP      Connection
    -             -                -                         Denied   Fail (no shared cipher)
    AES-256-CBC   -                -                         Denied   Fail (no shared cipher)
    BF-CBC        -                -                         Denied   Weak BF-CBC
  • Client version 2.4
    --cipher      --ncp-ciphers   NCP      Connection
    -             -               Denied   Weak BF-CBC
    AES-256-CBC   -               Denied   Fail (no shared cipher)
    BF-CBC        -               Denied   Weak BF-CBC
  • Client version 2.3
    --cipher      NCP      Connection
    -             No       Weak BF-CBC
    AES-256-CBC   No       Fail (no shared cipher)
    BF-CBC        No       Weak BF-CBC
  • Client version 2.2
    --cipher      NCP      Connection
    -             No       Weak BF-CBC
    AES-256-CBC   No       Fail (no shared cipher)
    BF-CBC        No       Weak BF-CBC

Server version 2.2 Configuring: --cipher

  --cipher      NCP
  AES-256-CBC   No

  • Client version 2.5
    --cipher      --data-ciphers   --data-ciphers-fallback   NCP      Connection
    -             -                -                         Denied   Fail (no shared cipher)
    AES-256-CBC   -                -                         Denied   OK. AES-256-CBC
    BF-CBC        -                -                         Denied   Fail (no shared cipher)
  • Client version 2.4
    --cipher      --ncp-ciphers   NCP      Connection
    -             -               Denied   Fail (no shared cipher)
    AES-256-CBC   -               Denied   OK. AES-256-CBC
    BF-CBC        -               Denied   Fail (no shared cipher)
  • Client version 2.3
    --cipher      NCP      Connection
    -             No       Fail (no shared cipher)
    AES-256-CBC   No       OK. AES-256-CBC
    BF-CBC        No       Fail (no shared cipher)
  • Client version 2.2
    --cipher      NCP      Connection
    -             No       Fail (no shared cipher)
    AES-256-CBC   No       OK. AES-256-CBC
    BF-CBC        No       Fail (no shared cipher)
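Worked example, added here and not part of the wiki or of OpenVPN's own code: a small Python model of the negotiation rules that the tables above illustrate, written from the behaviour this page and cipher-negotiation.rst describe. The class and function names (Peer, negotiate, adopt, classify) are this example's own; OpenVPN's implementation is structured differently. The model encodes four rules: NCP between 2.4/2.5 peers takes the first entry of the server's --data-ciphers (--ncp-ciphers is the 2.4 name of the same list) that the client also announces; a 2.5 peer appends its --cipher to the built-in list when --data-ciphers is not given; without NCP each side uses one static cipher (--cipher, default BF-CBC up to 2.4; in 2.5 --data-ciphers-fallback or --cipher, possibly none at all); and a 2.4/2.5 peer adopts the cipher a non-NCP peer announces in its OCC string when that cipher is in its own list. It reproduces the rows of the main matrix with one exception: for a 2.4 default client against a 2.3 default server it predicts Weak BF-CBC, as the 2.2 server table reports, where the 2.3 server table reports Fail; trust the table over the model for that row. The --enable-small corner cases, where no OCC string is exchanged, are not modelled.

```python
"""Simplified model of OpenVPN data-channel cipher negotiation.

Added example, not OpenVPN's code; the names below are this example's own.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

NCP_DEFAULT = ["AES-256-GCM", "AES-128-GCM"]  # built-in NCP list in 2.4 and 2.5
WEAK_CIPHERS = {"BF-CBC"}                      # outcomes the wiki reports as "Weak"


@dataclass
class Peer:
    version: str                               # "2.2", "2.3", "2.4" or "2.5"
    cipher: Optional[str] = None               # --cipher
    data_ciphers: Optional[List[str]] = None   # --data-ciphers (2.5) / --ncp-ciphers (2.4 name)
    fallback: Optional[str] = None             # --data-ciphers-fallback (2.5 only)
    ncp_disable: bool = False                  # --ncp-disable (2.4 only)

    def supports_ncp(self) -> bool:
        return self.version in ("2.4", "2.5") and not self.ncp_disable

    def ncp_list(self) -> List[str]:
        """Ciphers this peer announces for negotiation; empty when NCP is off."""
        if not self.supports_ncp():
            return []
        ciphers = list(self.data_ciphers) if self.data_ciphers else list(NCP_DEFAULT)
        # 2.5 appends --cipher to the built-in list when --data-ciphers is not given
        if (self.version == "2.5" and self.cipher and not self.data_ciphers
                and self.cipher not in ciphers):
            ciphers.append(self.cipher)
        return ciphers

    def static_cipher(self) -> Optional[str]:
        """Cipher used when NCP is not in play; None means nothing to fall back to."""
        if self.version == "2.5":
            return self.fallback or self.cipher    # 2.5 has no default --cipher
        return self.cipher or "BF-CBC"             # BF-CBC is the default up to 2.4

    def adopt(self, announced: Optional[str]) -> Optional[str]:
        """Take the peer's OCC-announced cipher if it is in our own list (poor man's NCP)."""
        if announced and announced in self.ncp_list():
            return announced
        return self.static_cipher()


def classify(cipher: Optional[str]) -> Tuple[str, str]:
    """Map the agreed cipher (or None) onto the wiki's OK / Weak / Fail wording."""
    if cipher is None:
        return ("Fail", "no shared cipher")
    return ("Weak" if cipher in WEAK_CIPHERS else "OK", cipher)


def negotiate(server: Peer, client: Peer) -> Tuple[str, str]:
    """Predict the data-channel outcome for one server/client pair."""
    if server.supports_ncp() and client.supports_ncp():
        # NCP: the server takes the first entry of its own list that the client offers.
        offered = client.ncp_list()
        for candidate in server.ncp_list():
            if candidate in offered:
                return classify(candidate)
    # No NCP (or no common NCP cipher): each side settles on one static cipher
    # after seeing what the other side announces in its OCC string.
    server_choice = server.adopt(client.static_cipher())
    client_choice = client.adopt(server.static_cipher())
    if server_choice is not None and server_choice == client_choice:
        return classify(server_choice)
    return classify(None)


if __name__ == "__main__":
    # Constructed pairs mirroring rows of the tables above.
    pairs = [
        ("2.5 default server, 2.5 client with --cipher BF-CBC",
         Peer("2.5"), Peer("2.5", cipher="BF-CBC")),
        ("2.5 default server, 2.3 default client", Peer("2.5"), Peer("2.3")),
        ("2.4 server with --cipher AES-256-CBC --ncp-disable, 2.5 default client",
         Peer("2.4", cipher="AES-256-CBC", ncp_disable=True), Peer("2.5")),
        ("2.3 default server, 2.5 client with --cipher BF-CBC",
         Peer("2.3"), Peer("2.5", cipher="BF-CBC")),
    ]
    for label, srv, cli in pairs:
        print(f"{label}: {negotiate(srv, cli)}")
```

The useful property of the model is the asymmetry it makes visible: a 2.5 server with neither --cipher nor --data-ciphers-fallback has no static cipher at all, so every pre-NCP client fails, while a 2.4 server silently falls back to BF-CBC for the same clients. Running the script against your own server/client settings before an upgrade shows which clients will drop to a weak cipher and which will stop connecting.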

Corner case: OpenVPN built with --enable-small

Server version 2.3 built with --enable-small

Default configuration: No effective directives specified.

  --cipher      NCP
  -             No

  • Client version 2.5
    --cipher      --data-ciphers   --data-ciphers-fallback   NCP      Connection
    -             -                BF-CBC                    Denied   Weak BF-CBC
    AES-256-CBC   -                -                         Denied   Fail (no shared cipher)
    AES-256-GCM   -                -                         Denied   Fail (no shared cipher)

Server version 2.3 built with --enable-small

Configuring: --cipher

  --cipher      NCP
  AES-256-CBC   No

  • Client version 2.5
    --cipher      --data-ciphers   --data-ciphers-fallback   NCP      Connection
    -             -                BF-CBC                    Denied   Fail (no shared cipher)
    AES-256-CBC   -                -                         Denied   OK. AES-256-CBC
    AES-256-GCM   -                -                         Denied   Fail (no shared cipher)

Client version 2.3 built with --enable-small

Default configuration: No effective directives specified.

  --cipher      NCP
  -             No

  • Server version 2.5
    --cipher      --data-ciphers   --data-ciphers-fallback   NCP      Connection
    -             -                BF-CBC                    Denied   Weak BF-CBC
    AES-256-CBC   -                -                         Denied   Fail (no shared cipher)
    BF-CBC        -                -                         Denied   Fail (no shared cipher)

Client version 2.3 built with --enable-small

Configuring: --cipher

  --cipher      NCP
  AES-256-CBC   No

  • Server version 2.5
    --cipher      --data-ciphers   --data-ciphers-fallback   NCP      Connection
    -             -                AES-256-CBC               Denied   OK. AES-256-CBC
    AES-256-CBC   -                -                         Denied   Fail (no shared cipher)
    BF-CBC        -                -                         Denied   Fail (no shared cipher)