Cipher Negotiation
Data channel cipher negotiation is complicated. This wiki defines the expected behaviour between OpenVPN servers and clients.
OpenVPN Directives:
--data-cipher ALG:ALG
--data-cipher-fallback ALG:ALG
Expected Behaviour:
Server version 2.5
Client version 2.5
--cipher (Client) | --cipher (Server) | --data-cipher (Client) | --data-cipher (Server) | -fallback | NCP (Client) | NCP (Server) | Expected |
---|---|---|---|---|---|---|---|
- | - | - | AES-256-GCM:AES-128-GCM | - | YES | YES | OK |
BF-CBC | - | - | AES-256-GCM:AES-128-GCM | - | YES | YES | OK |
Client version 2.4
--cipher (Client) | --cipher (Server) | --data-cipher (Client) | --data-cipher (Server) | -fallback | NCP (Client) | NCP (Server) | Expected |
---|---|---|---|---|---|---|---|
- | - | - | AES-256-GCM:AES-128-GCM | - | YES | YES | OK |
BF-CBC | - | - | AES-256-GCM:AES-128-GCM | - | YES | YES | OK |
Client version 2.3
--cipher (Client) | --cipher (Server) | --data-cipher (Client) | --data-cipher (Server) | -fallback | NCP (Client) | NCP (Server) | Expected |
---|---|---|---|---|---|---|---|
- | - | - | AES-256-GCM:AES-128-GCM | - | YES | YES | OK |
BF-CBC | - | - | AES-256-GCM:AES-128-GCM | - | YES | YES | OK |
Client version 2.2
--cipher (Client) | --cipher (Server) | --data-cipher (Client) | --data-cipher (Server) | -fallback | NCP (Client) | NCP (Server) | Expected |
---|---|---|---|---|---|---|---|
- | - | - | AES-256-GCM:AES-128-GCM | - | YES | YES | OK |
BF-CBC | - | - | AES-256-GCM:AES-128-GCM | - | YES | YES | OK |
Server version 2.5
Client version | --data-cipher | --fallback-data-cipher | Expected | Other.. | |
Client | Server | ||||
2.5 | x | x | x | ||
2.4 | x | x | x | ||
2.3 | x | x | x | ||
2.2 | x | x | x |
Server version 2.4
Client version | --data-cipher | --fallback-data-cipher | Expected | Other.. | |
Client | Server | ||||
2.5 | x | x | x | ||
2.4 | x | x | x | ||
2.3 | x | x | x | ||
2.2 | x | x | x |
| NCP | Expected | |||
Client | Server | Client | Server | Client | Server | ||
- | - | - | AES-256-GCM:AES-128-GCM | YES | YES | OK | |
Even .. |