OpenVPN Cipher Negotiation (Quick reference)
This wiki defines the expected behaviour of Cipher Negotiation between common configurations of OpenVPN servers and clients.
- OpenVPN would like to know about any:
  - Unexpected behaviour.
  - Errors on this page.
For full details please see:
https://github.com/OpenVPN/openvpn/blob/master/doc/man-sections/cipher-negotiation.rst
Effective directives and terms
2.5: --data-ciphers ALG:ALG
- Data channel ciphers. Default ALG: AES-256-GCM:AES-128-GCM
All: --cipher ALG
- Data channel cipher. Will be deprecated. In OpenVPN 2.5 --cipher does not have a default ALG. In OpenVPN up to 2.4 the default ALG is BF-CBC.
2.4: --ncp-disable
- Disable NCP - Deprecated.
In this wiki, cipher negotiation comes in four flavours:
- Full negotiation: Both server and client support NCP.
- Partial negotiation: Only the client supports NCP (known as "Poor man's NCP").
- No negotiation: The client does not support NCP (the server's NCP has no effect).
- When the server supports NCP but has a mixture of clients, NCP is defined as 'Yes'.
Cipher negotiation was originally named "Negotiated Cipher Protocol" (NCP).
Common configurations
Commonly expected configurations of the Effective directives above.
Servers
- Version 2.5
  - Default configuration: No effective directives specified.
  - Configuring: --data-ciphers
- Version 2.4
  - Default configuration: No effective directives specified.
  - Configuring: --cipher
  - Configuring: --cipher and --ncp-disable
- Version 2.3
  - Default configuration: No effective directives specified.
  - Configuring: --cipher
- Version 2.2
  - Default configuration: No effective directives specified.
  - Configuring: All bets are off - Upgrade now!
Clients
- Version 2.5
  - Default configuration: No effective directives specified.
- Version 2.4
  - Default configuration: No effective directives specified.
  - Configuring: --cipher
- Version 2.3
  - Default configuration: No effective directives specified.
  - Configuring: --cipher
- Version 2.2
  - Default configuration: No effective directives specified.
  - Configuring: All bets are off - Upgrade now!
Expected Behaviour indexed by Server version
Server version 2.5
Default configuration: No effective directives specified.
Client version 2.5
--data-ciphers | NCP | Connection
--- | --- | ---
- | Full | OK. AES-256-GCM
AES-256-GCM:AES-128-GCM:AES-256-CBC:BF-CBC | Full | OK. AES-256-GCM
AES-256-CBC | Full | Fail (no shared cipher)

Client version 2.4
--cipher | NCP | Connection
--- | --- | ---
- | Full | OK. AES-256-GCM
AES-256-CBC | Full | OK. AES-256-GCM
BF-CBC | Full | OK. AES-256-GCM

Client version 2.3
--cipher | NCP | Connection
--- | --- | ---
- | No | Fail (no shared cipher)
AES-256-CBC | No | Fail (no shared cipher)
BF-CBC | No | Fail (no shared cipher)

Client version 2.2
--cipher | NCP | Connection
--- | --- | ---
- | No | Fail (no shared cipher)
AES-256-CBC | No | Fail (no shared cipher)
BF-CBC | No | Fail (no shared cipher)
Server version 2.5 Configuring: --data-ciphers
--data-ciphers | NCP
--- | ---
AES-256-GCM:AES-128-GCM:AES-256-CBC:BF-CBC | Yes

Client version 2.3
--cipher | NCP | Connection
--- | --- | ---
- | No | Weak BF-CBC
AES-256-CBC | No | OK. AES-256-CBC
BF-CBC | No | Weak BF-CBC

Client version 2.2
--cipher | NCP | Connection
--- | --- | ---
- | No | Weak BF-CBC
AES-256-CBC | No | OK. AES-256-CBC
BF-CBC | No | Weak BF-CBC
Server version 2.4
Default configuration: No effective directives specified.
--cipher | --ncp-ciphers | NCP
--- | --- | ---
- | - | Yes

Client version 2.5
--data-ciphers | NCP | Connection
--- | --- | ---
- | Full | OK. AES-256-GCM
AES-256-GCM:AES-128-GCM:AES-256-CBC:BF-CBC | Full | OK. AES-256-GCM
AES-256-CBC | Full | Fail (no shared cipher)

Client version 2.4
--cipher | --ncp-ciphers | NCP | Connection
--- | --- | --- | ---
- | - | Full | OK. AES-256-GCM
AES-256-CBC | - | Full | OK. AES-256-GCM
BF-CBC | - | Full | OK. AES-256-GCM

Client version 2.3
--cipher | NCP | Connection
--- | --- | ---
- | No | Weak BF-CBC
AES-256-CBC | No | Fail (no shared cipher)
BF-CBC | No | Weak BF-CBC

Client version 2.2
--cipher | NCP | Connection
--- | --- | ---
- | No | Weak BF-CBC
AES-256-CBC | No | Fail (no shared cipher)
BF-CBC | No | Weak BF-CBC
Server version 2.4 Configuring: --cipher
--cipher | --ncp-ciphers | NCP
--- | --- | ---
AES-256-CBC | - | Yes

Client version 2.5
--data-ciphers | NCP | Connection
--- | --- | ---
- | Full | OK. AES-256-GCM
AES-256-GCM:AES-128-GCM:AES-256-CBC:BF-CBC | Full | OK. AES-256-GCM
AES-256-CBC | Full | OK. AES-256-CBC

Client version 2.4
--cipher | --ncp-ciphers | NCP | Connection
--- | --- | --- | ---
- | - | Full | OK. AES-256-GCM
AES-256-CBC | - | Full | OK. AES-256-GCM
BF-CBC | - | Full | OK. AES-256-GCM

Client version 2.3
--cipher | NCP | Connection
--- | --- | ---
- | No | Fail (no shared cipher)
AES-256-CBC | No | OK. AES-256-CBC
BF-CBC | No | Fail (no shared cipher)

Client version 2.2
--cipher | NCP | Connection
--- | --- | ---
- | No | Fail (no shared cipher)
AES-256-CBC | No | OK. AES-256-CBC
BF-CBC | No | Fail (no shared cipher)
Server version 2.4 Configuring: --cipher and --ncp-disable
--cipher | --ncp-ciphers | NCP
--- | --- | ---
AES-256-CBC | - | No (--ncp-disable)

Client version 2.5
--data-ciphers | NCP | Connection
--- | --- | ---
- | Partial | Fail (no shared cipher)
AES-256-GCM:AES-128-GCM:AES-256-CBC:BF-CBC | Partial | OK. AES-256-CBC

Client version 2.4
--cipher | --ncp-ciphers | NCP | Connection
--- | --- | --- | ---
- | - | Partial | Fail (no shared cipher)
AES-256-CBC | - | Partial | OK. AES-256-CBC
BF-CBC | - | Partial | Fail (no shared cipher)

Client version 2.3
--cipher | NCP | Connection
--- | --- | ---
- | No | Fail (no shared cipher)
AES-256-CBC | No | OK. AES-256-CBC
BF-CBC | No | Fail (no shared cipher)

Client version 2.2
--cipher | NCP | Connection
--- | --- | ---
- | No | Fail (no shared cipher)
AES-256-CBC | No | OK. AES-256-CBC
BF-CBC | No | Fail (no shared cipher)
Server version 2.3
Default configuration: No effective directives specified.
Client version 2.5
--data-ciphers | NCP | Connection
--- | --- | ---
- | Partial | Fail (no shared cipher)
AES-256-GCM:AES-128-GCM:AES-256-CBC:BF-CBC | Partial | Weak BF-CBC

Client version 2.4
--cipher | --ncp-ciphers | NCP | Connection
--- | --- | --- | ---
- | - | Partial | Fail (no shared cipher)
AES-256-CBC | - | Partial | Fail (no shared cipher)
BF-CBC | - | Partial | Weak BF-CBC

Client version 2.3
--cipher | NCP | Connection
--- | --- | ---
- | No | Weak BF-CBC
AES-256-CBC | No | Fail (no shared cipher)
BF-CBC | No | Weak BF-CBC

Client version 2.2
--cipher | NCP | Connection
--- | --- | ---
- | No | Weak BF-CBC
AES-256-CBC | No | Fail (no shared cipher)
BF-CBC | No | Weak BF-CBC
Server version 2.3 Configuring: --cipher
--cipher | NCP
--- | ---
AES-256-CBC | No

Client version 2.5
--data-ciphers | NCP | Connection
--- | --- | ---
- | Partial | Fail (no shared cipher)
AES-256-GCM:AES-128-GCM:AES-256-CBC:BF-CBC | Partial | OK. AES-256-CBC

Client version 2.4
--cipher | --ncp-ciphers | NCP | Connection
--- | --- | --- | ---
- | - | Partial | Fail (no shared cipher)
AES-256-CBC | - | Partial | OK. AES-256-CBC
BF-CBC | - | Partial | Fail (no shared cipher)

Client version 2.3
--cipher | NCP | Connection
--- | --- | ---
- | No | Fail (no shared cipher)
AES-256-CBC | No | OK. AES-256-CBC
BF-CBC | No | Fail (no shared cipher)

Client version 2.2
--cipher | NCP | Connection
--- | --- | ---
- | No | Fail (no shared cipher)
AES-256-CBC | No | OK. AES-256-CBC
BF-CBC | No | Fail (no shared cipher)
Server version 2.2
Default configuration: No effective directives specified.
Client version 2.5
--data-ciphers | NCP | Connection
--- | --- | ---
- | Partial | Fail (no shared cipher)
AES-256-GCM:AES-128-GCM:AES-256-CBC:BF-CBC | Partial | Weak BF-CBC

Client version 2.4
--cipher | --ncp-ciphers | NCP | Connection
--- | --- | --- | ---
- | - | Partial | Weak BF-CBC
AES-256-CBC | - | Partial | Fail (no shared cipher)
BF-CBC | - | Partial | Weak BF-CBC

Client version 2.3
--cipher | NCP | Connection
--- | --- | ---
- | No | Weak BF-CBC
AES-256-CBC | No | Fail (no shared cipher)
BF-CBC | No | Weak BF-CBC

Client version 2.2
--cipher | NCP | Connection
--- | --- | ---
- | No | Weak BF-CBC
AES-256-CBC | No | Fail (no shared cipher)
BF-CBC | No | Weak BF-CBC
Server version 2.2 Configuring: --cipher
--cipher | NCP
--- | ---
AES-256-CBC | No

Client version 2.5
--data-ciphers | NCP | Connection
--- | --- | ---
- | Partial | Fail (no shared cipher)
AES-256-GCM:AES-128-GCM:AES-256-CBC:BF-CBC | Partial | OK. AES-256-CBC

Client version 2.4
--cipher | --ncp-ciphers | NCP | Connection
--- | --- | --- | ---
- | - | Partial | Fail (no shared cipher)
AES-256-CBC | - | Partial | OK. AES-256-CBC
BF-CBC | - | Partial | Fail (no shared cipher)

Client version 2.3
--cipher | NCP | Connection
--- | --- | ---
- | No | Fail (no shared cipher)
AES-256-CBC | No | OK. AES-256-CBC
BF-CBC | No | Fail (no shared cipher)

Client version 2.2
--cipher | NCP | Connection
--- | --- | ---
- | No | Fail (no shared cipher)
AES-256-CBC | No | OK. AES-256-CBC
BF-CBC | No | Fail (no shared cipher)
Special requirement: OpenVPN built with --enable-small
When OpenVPN version 2.3 or older is built with --enable-small (typically found in routers), OpenVPN 2.5 must use --data-ciphers-fallback ALG. The ALG must match the peer's --cipher ALG. This is the only case in which --data-ciphers-fallback takes effect.
2.5: --data-ciphers-fallback ALG
- Fallback data channel cipher. Only to allow OpenVPN version 2.5 to connect with old peers built with --enable-small. Will be deprecated and removed.
Server version 2.3 built with --enable-small
Default configuration: No effective directives specified.
Client version 2.5
--data-ciphers | --data-ciphers-fallback | NCP | Connection
--- | --- | --- | ---
- | - | Partial | Fail (no shared cipher)
- | BF-CBC | Partial | Weak BF-CBC
Server version 2.3 built with --enable-small Configuring: --cipher
--cipher | NCP
--- | ---
AES-256-CBC | No

Client version 2.5
--data-ciphers | --data-ciphers-fallback | NCP | Connection
--- | --- | --- | ---
- | - | Partial | Fail (no shared cipher)
- | AES-256-CBC | Partial | OK. AES-256-CBC
Client version 2.3 built with --enable-small
Default configuration: No effective directives specified.
Server version 2.5
--data-ciphers | --data-ciphers-fallback | NCP | Connection
--- | --- | --- | ---
- | - | Partial | Fail (no shared cipher)
- | BF-CBC | Partial | Weak BF-CBC
Client version 2.3 built with --enable-small Configuring: --cipher
--cipher | NCP
--- | ---
AES-256-CBC | No

Server version 2.5
--data-ciphers | --data-ciphers-fallback | NCP | Connection
--- | --- | --- | ---
- | - | Partial | Fail (no shared cipher)
- | AES-256-CBC | Partial | OK. AES-256-CBC
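The rules this page states (the effective directives and their defaults, the full/partial/no negotiation flavours, and the --enable-small fallback requirement) reduced to a small Python model that reproduces the Connection column of the tables above. This is an added example, not OpenVPN's own code; it assumes the 2.4 --ncp-ciphers default is the same AES-256-GCM:AES-128-GCM pair as the 2.5 --data-ciphers default, and the Peer and negotiate names are the example's own.

```python
# Added model of this page's negotiation rules, not OpenVPN code. Assumption: 2.4
# --ncp-ciphers defaults to the same GCM pair as 2.5 --data-ciphers.
from dataclasses import dataclass, field
from typing import List, Optional

GCM_DEFAULT = ["AES-256-GCM", "AES-128-GCM"]   # 2.5 --data-ciphers / 2.4 --ncp-ciphers default

@dataclass
class Peer:
    version: str                        # "2.5", "2.4", "2.3" or "2.2"
    cipher: Optional[str] = None        # --cipher (not modelled on 2.5: no default there)
    ncp_list: List[str] = field(default_factory=list)  # --data-ciphers / --ncp-ciphers
    ncp_disable: bool = False           # 2.4 --ncp-disable
    fallback: Optional[str] = None      # 2.5 --data-ciphers-fallback
    small: bool = False                 # 2.3 or older built with --enable-small

    def __post_init__(self):
        if self.version == "2.5":
            self.cipher, self.ncp_list = None, self.ncp_list or list(GCM_DEFAULT)
        elif self.version == "2.4":
            self.cipher = self.cipher or "BF-CBC"
            self.ncp_list = [] if self.ncp_disable else (self.ncp_list or list(GCM_DEFAULT))
        else:                           # 2.3 / 2.2: --cipher only, no NCP
            self.cipher, self.ncp_list = self.cipher or "BF-CBC", []

    @property
    def ncp(self) -> bool:
        return bool(self.ncp_list)

    def accepts(self, alg: Optional[str]) -> bool:
        """Will this peer run a fixed cipher settled on by the other side?"""
        return alg is not None and (alg == self.cipher or alg in self.ncp_list)

def _outcome(alg: Optional[str]) -> str:
    if alg is None:
        return "Fail (no shared cipher)"
    return "Weak BF-CBC" if alg == "BF-CBC" else f"OK. {alg}"

def negotiate(server: Peer, client: Peer) -> str:
    """Return the 'Connection' column entry for a server/client pair."""
    if server.small or client.small:    # small peer announces nothing: the other side must guess
        small, other = (server, client) if server.small else (client, server)
        guess = other.fallback if other.version == "2.5" else other.cipher
        return _outcome(small.cipher if guess == small.cipher else None)
    if server.ncp and client.ncp:       # full negotiation: server preference order wins
        for alg in server.ncp_list:
            if alg in client.ncp_list:
                return _outcome(alg)
        return _outcome(server.cipher if client.accepts(server.cipher) else None)
    if server.ncp:                      # partial on the server: adapt to the client's --cipher
        return _outcome(client.cipher if server.accepts(client.cipher) else None)
    return _outcome(server.cipher if client.accepts(server.cipher) else None)  # server has no NCP
```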