Version 53 (modified by tct, 3 years ago)

OpenVPN Cipher Negotiation (Quick reference)

This wiki defines the expected behaviour of Cipher Negotiation between common configurations of OpenVPN servers and clients.

  • OpenVPN would like to know about any:
    1. Unexpected behaviour.
    2. Errors on this page.

For full details please see:
https://github.com/OpenVPN/openvpn/blob/master/doc/man-sections/cipher-negotiation.rst

Effective directives and terms

2.5: --data-ciphers ALG:ALG - Data channel ciphers. Default: AES-256-GCM:AES-128-GCM
2.5: --data-ciphers-fallback ALG - Essentially the same as --cipher

All: --cipher ALG - Data channel cipher. Will be deprecated.

In OpenVPN 2.5 --cipher does not have a default ALG.
In OpenVPN up to 2.4 the default ALG is BF-CBC.

2.4: --ncp-disable - Disable NCP - Deprecated.

In this wiki, cipher negotiation comes in four flavours:

  • Full negotiation: Both server and client support NCP.
  • Partial negotiation: Only the client supports NCP (known as "poor man's NCP").
  • No negotiation: The client does not support NCP (the server's NCP has no effect).
  • When the server supports NCP but has a mixture of clients, its NCP column is given as 'Yes'.

Cipher negotiation was originally named "Negotiated Cipher Protocol" (NCP).

Common configurations

Common configurations of the effective directives listed above.

Servers

  • Version 2.5
    1. Default configuration: No effective directives specified.
    2. Configuring: --data-ciphers
  • Version 2.4
    1. Default configuration: No effective directives specified.
    2. Configuring: --cipher
    3. Configuring: --cipher and --ncp-disable
  • Version 2.3
    1. Default configuration: No effective directives specified.
    2. Configuring: --cipher
  • Version 2.2
    1. Default configuration: No effective directives specified.
    2. Configuring: All bets are off - Upgrade now!

Clients

  • Version 2.5
    1. Default configuration: No effective directives specified.
  • Version 2.4
    1. Default configuration: No effective directives specified.
    2. Configuring: --cipher
  • Version 2.3
    1. Default configuration: No effective directives specified.
    2. Configuring: --cipher
  • Version 2.2
    1. Default configuration: No effective directives specified.
    2. Configuring: All bets are off - Upgrade now!

Expected Behaviour indexed by Server version

Server version 2.5

Default configuration: No effective directives specified.

  --data-ciphers   NCP
  -                Yes

  • Client version 2.5

    --data-ciphers                               NCP    Connection
    -                                            Full   OK. AES-256-GCM
    AES-256-GCM:AES-128-GCM:AES-256-CBC:BF-CBC   Full   OK. AES-256-GCM
    AES-256-CBC                                  Full   Fail (no shared cipher)

  • Client version 2.4

    --cipher      NCP    Connection
    -             Full   OK. AES-256-GCM
    AES-256-CBC   Full   OK. AES-256-GCM
    BF-CBC        Full   OK. AES-256-GCM

  • Client version 2.3

    --cipher      NCP   Connection
    -             No    Fail (no shared cipher)
    AES-256-CBC   No    Fail (no shared cipher)
    BF-CBC        No    Fail (no shared cipher)

  • Client version 2.2

    --cipher      NCP   Connection
    -             No    Fail (no shared cipher)
    AES-256-CBC   No    Fail (no shared cipher)
    BF-CBC        No    Fail (no shared cipher)

Server version 2.5 Configuring: --data-ciphers

  --data-ciphers                               NCP
  AES-256-GCM:AES-128-GCM:AES-256-CBC:BF-CBC   Yes

  • Client version 2.3

    --cipher      NCP   Connection
    -             No    Weak BF-CBC
    AES-256-CBC   No    OK. AES-256-CBC
    BF-CBC        No    Weak BF-CBC

  • Client version 2.2

    --cipher      NCP   Connection
    -             No    Weak BF-CBC
    AES-256-CBC   No    OK. AES-256-CBC
    BF-CBC        No    Weak BF-CBC

Server version 2.4

Default configuration: No effective directives specified.

  --cipher   --ncp-ciphers   NCP
  -          -               Yes

  • Client version 2.5

    --data-ciphers                               NCP    Connection
    -                                            Full   OK. AES-256-GCM
    AES-256-GCM:AES-128-GCM:AES-256-CBC:BF-CBC   Full   OK. AES-256-GCM
    AES-256-CBC                                  Full   Fail (no shared cipher)

  • Client version 2.4

    --cipher      --ncp-ciphers   NCP    Connection
    -             -               Full   OK. AES-256-GCM
    AES-256-CBC   -               Full   OK. AES-256-GCM
    BF-CBC        -               Full   OK. AES-256-GCM

  • Client version 2.3

    --cipher      NCP   Connection
    -             No    Weak BF-CBC
    AES-256-CBC   No    Fail (no shared cipher)
    BF-CBC        No    Weak BF-CBC

  • Client version 2.2

    --cipher      NCP   Connection
    -             No    Weak BF-CBC
    AES-256-CBC   No    Fail (no shared cipher)
    BF-CBC        No    Weak BF-CBC

Server version 2.4 Configuring: --cipher

  --cipher      --ncp-ciphers   NCP
  AES-256-CBC   -               Yes

  • Client version 2.5

    --data-ciphers                               NCP    Connection
    -                                            Full   OK. AES-256-GCM
    AES-256-GCM:AES-128-GCM:AES-256-CBC:BF-CBC   Full   OK. AES-256-GCM
    AES-256-CBC                                  Full   OK. AES-256-CBC

  • Client version 2.4

    --cipher      --ncp-ciphers   NCP    Connection
    -             -               Full   OK. AES-256-GCM
    AES-256-CBC   -               Full   OK. AES-256-GCM
    BF-CBC        -               Full   OK. AES-256-GCM

  • Client version 2.3

    --cipher      NCP   Connection
    -             No    Fail (no shared cipher)
    AES-256-CBC   No    OK. AES-256-CBC
    BF-CBC        No    Fail (no shared cipher)

  • Client version 2.2

    --cipher      NCP   Connection
    -             No    Fail (no shared cipher)
    AES-256-CBC   No    OK. AES-256-CBC
    BF-CBC        No    Fail (no shared cipher)

Server version 2.4 Configuring: --cipher and --ncp-disable

  --cipher      --ncp-ciphers   NCP
  AES-256-CBC   -               No (--ncp-disable)

  • Client version 2.5

    --data-ciphers                               NCP       Connection
    -                                            Partial   Fail (no shared cipher)
    AES-256-GCM:AES-128-GCM:AES-256-CBC:BF-CBC   Partial   OK. AES-256-CBC

  • Client version 2.4

    --cipher      --ncp-ciphers   NCP       Connection
    -             -               Partial   Fail (no shared cipher)
    AES-256-CBC   -               Partial   OK. AES-256-CBC
    BF-CBC        -               Partial   Fail (no shared cipher)

  • Client version 2.3

    --cipher      NCP   Connection
    -             No    Fail (no shared cipher)
    AES-256-CBC   No    OK. AES-256-CBC
    BF-CBC        No    Fail (no shared cipher)

  • Client version 2.2

    --cipher      NCP   Connection
    -             No    Fail (no shared cipher)
    AES-256-CBC   No    OK. AES-256-CBC
    BF-CBC        No    Fail (no shared cipher)

Server version 2.3

Default configuration: No effective directives specified.

  --cipher   NCP
  -          No

  • Client version 2.5

    --data-ciphers                               NCP       Connection
    -                                            Partial   Fail (no shared cipher)
    AES-256-GCM:AES-128-GCM:AES-256-CBC:BF-CBC   Partial   Weak BF-CBC

  • Client version 2.4

    --cipher      --ncp-ciphers   NCP       Connection
    -             -               Partial   Fail (no shared cipher)
    AES-256-CBC   -               Partial   Fail (no shared cipher)
    BF-CBC        -               Partial   Weak BF-CBC

  • Client version 2.3

    --cipher      NCP   Connection
    -             No    Weak BF-CBC
    AES-256-CBC   No    Fail (no shared cipher)
    BF-CBC        No    Weak BF-CBC

  • Client version 2.2

    --cipher      NCP   Connection
    -             No    Weak BF-CBC
    AES-256-CBC   No    Fail (no shared cipher)
    BF-CBC        No    Weak BF-CBC

Server version 2.3 Configuring: --cipher

  --cipher      NCP
  AES-256-CBC   No

  • Client version 2.5

    --data-ciphers                               NCP       Connection
    -                                            Partial   Fail (no shared cipher)
    AES-256-GCM:AES-128-GCM:AES-256-CBC:BF-CBC   Partial   OK. AES-256-CBC

  • Client version 2.4

    --cipher      --ncp-ciphers   NCP       Connection
    -             -               Partial   Fail (no shared cipher)
    AES-256-CBC   -               Partial   OK. AES-256-CBC
    BF-CBC        -               Partial   Fail (no shared cipher)

  • Client version 2.3

    --cipher      NCP   Connection
    -             No    Fail (no shared cipher)
    AES-256-CBC   No    OK. AES-256-CBC
    BF-CBC        No    Fail (no shared cipher)

  • Client version 2.2

    --cipher      NCP   Connection
    -             No    Fail (no shared cipher)
    AES-256-CBC   No    OK. AES-256-CBC
    BF-CBC        No    Fail (no shared cipher)

Server version 2.2

Default configuration: No effective directives specified.

  --cipher   NCP
  -          No

  • Client version 2.5

    --data-ciphers                               NCP       Connection
    -                                            Partial   Fail (no shared cipher)
    AES-256-GCM:AES-128-GCM:AES-256-CBC:BF-CBC   Partial   Weak BF-CBC

  • Client version 2.4

    --cipher      --ncp-ciphers   NCP       Connection
    -             -               Partial   Weak BF-CBC
    AES-256-CBC   -               Partial   Fail (no shared cipher)
    BF-CBC        -               Partial   Weak BF-CBC

  • Client version 2.3

    --cipher      NCP   Connection
    -             No    Weak BF-CBC
    AES-256-CBC   No    Fail (no shared cipher)
    BF-CBC        No    Weak BF-CBC

  • Client version 2.2

    --cipher      NCP   Connection
    -             No    Weak BF-CBC
    AES-256-CBC   No    Fail (no shared cipher)
    BF-CBC        No    Weak BF-CBC

Server version 2.2 Configuring: --cipher

  --cipher      NCP
  AES-256-CBC   No

  • Client version 2.5

    --data-ciphers                               NCP       Connection
    -                                            Partial   Fail (no shared cipher)
    AES-256-GCM:AES-128-GCM:AES-256-CBC:BF-CBC   Partial   OK. AES-256-CBC

  • Client version 2.4

    --cipher      --ncp-ciphers   NCP       Connection
    -             -               Partial   Fail (no shared cipher)
    AES-256-CBC   -               Partial   OK. AES-256-CBC
    BF-CBC        -               Partial   Fail (no shared cipher)

  • Client version 2.3

    --cipher      NCP   Connection
    -             No    Fail (no shared cipher)
    AES-256-CBC   No    OK. AES-256-CBC
    BF-CBC        No    Fail (no shared cipher)

  • Client version 2.2

    --cipher      NCP   Connection
    -             No    Fail (no shared cipher)
    AES-256-CBC   No    OK. AES-256-CBC
    BF-CBC        No    Fail (no shared cipher)

Special requirement: OpenVPN built with --enable-small

When OpenVPN version 2.3 or older is built with --enable-small (typically found in routers), OpenVPN 2.5 must use --data-ciphers-fallback ALG, and the ALG must match the peer's --cipher ALG. This is the only case in which --data-ciphers-fallback takes effect.

2.5: --data-ciphers-fallback ALG - Fallback data channel cipher.
Only to allow OpenVPN version 2.5 to connect with old peers built with --enable-small.
Will be deprecated and removed.

Server version 2.3 built with --enable-small

Default configuration: No effective directives specified.

  --cipher   NCP
  -          No

  • Client version 2.5

    --data-ciphers   --data-ciphers-fallback   NCP   Connection
    -                -                         No    Fail (no shared cipher)
    -                BF-CBC                    No    Weak BF-CBC

Server version 2.3 built with --enable-small

Configuring: --cipher

  --cipher      NCP
  AES-256-CBC   No

  • Client version 2.5

    --data-ciphers   --data-ciphers-fallback   NCP   Connection
    -                -                         No    Fail (no shared cipher)
    -                AES-256-CBC               No    OK. AES-256-CBC

Client version 2.3 built with --enable-small

Default configuration: No effective directives specified.

  --cipher   NCP
  -          No

  • Server version 2.5

    --data-ciphers   --data-ciphers-fallback   NCP   Connection
    -                -                         No    Fail (no shared cipher)
    -                BF-CBC                    No    Weak BF-CBC

Client version 2.3 built with --enable-small

Configuring: --cipher

  --cipher      NCP
  AES-256-CBC   No

  • Server version 2.5

    --data-ciphers   --data-ciphers-fallback   NCP   Connection
    -                -                         No    Fail (no shared cipher)
    -                AES-256-CBC               No    OK. AES-256-CBC
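As an added illustration (not OpenVPN's own code), the Python model below encodes the rules behind the tables above, covering the full, partial and no-negotiation flavours and the --enable-small case, where the old peer advertises no cipher and the 2.5 side must rely on --data-ciphers-fallback. The Peer class and negotiate() are this model's assumptions; the defaults it encodes (BF-CBC for --cipher up to 2.4, AES-256-GCM:AES-128-GCM for --ncp-ciphers and --data-ciphers) are the ones stated on this page, and the tables remain the reference wherever they differ from the model.

```python
from dataclasses import dataclass

NCP_DEFAULT = ["AES-256-GCM", "AES-128-GCM"]  # default --ncp-ciphers (2.4) and --data-ciphers (2.5)

@dataclass
class Peer:                     # model assumption: one endpoint and its effective directives
    version: str                # "2.2", "2.3", "2.4" or "2.5"
    cipher: str = None          # --cipher (2.2 to 2.4) or --data-ciphers-fallback (2.5)
    ciphers: list = None        # --ncp-ciphers (2.4) or --data-ciphers (2.5); None = default
    ncp_disable: bool = False   # 2.4 --ncp-disable
    small: bool = False         # built with --enable-small: sends no OCC, so its cipher is unseen

    @property
    def ncp(self) -> bool:
        return self.version == "2.5" or (self.version == "2.4" and not self.ncp_disable)

    @property
    def static(self):
        # Single fixed cipher: 2.5 has no default --cipher, 2.4 and older default to BF-CBC
        return self.cipher if self.version == "2.5" else (self.cipher or "BF-CBC")

    @property
    def offered(self) -> list:
        # Ciphers usable in negotiation; 2.4 appends its own --cipher to the NCP list
        ncp_list = list(self.ciphers or NCP_DEFAULT) if self.version in ("2.4", "2.5") else []
        return ncp_list + ([self.static] if self.version != "2.5" else [])

    @property
    def legacy_accept(self) -> set:
        # Accepted from a client that cannot negotiate: 2.5 consults --data-ciphers plus the
        # fallback; older versions only ever use their own --cipher
        return set(self.offered) | {self.cipher} - {None} if self.version == "2.5" else {self.static}

def negotiate(server: Peer, client: Peer):
    """Return (NCP flavour, connection result) in the wording of the tables on this page."""
    if server.ncp and client.ncp:              # full negotiation: the server's order wins
        flavour = "Full"
        chosen = next((c for c in server.offered if c in client.offered), None)
    elif client.ncp:                           # partial ("poor man's NCP"): client adapts to server
        flavour = "Partial"
        if server.small:                       # no OCC to learn the server cipher: fallback must match
            chosen = client.static if client.static == server.static else None
        else:
            chosen = server.static if server.static in client.offered else None
    else:                                      # no negotiation: the client's own --cipher is used
        flavour = "No"
        accept = {server.static} if client.small else server.legacy_accept
        chosen = client.static if client.static in accept else None
    return flavour, "Fail (no shared cipher)" if chosen is None else ("Weak " if chosen == "BF-CBC" else "OK. ") + chosen
```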