= OpenVPN Cipher Negotiation (Quick reference)

This wiki defines the **expected** behaviour of Cipher Negotiation between common configurations of OpenVPN servers and clients.

**Important note**: `CHACHA20-POLY1305` is widely recognised as a suitable alternative to an `AES` based cipher.

 * OpenVPN would like to know about any:
   1. ''Unexpected'' behaviour.
   1. Errors on this page.

For full details please see: [[br]]
https://github.com/OpenVPN/openvpn/blob/master/doc/man-sections/cipher-negotiation.rst

[[TOC(notitle, inline)]]

== Effective directives and terms

**2.5**: `--data-ciphers ALG:ALG` - Data channel ciphers. Default `ALG` AES-256-GCM:AES-128-GCM [[br]]
**2.5**: `--data-ciphers-fallback ALG` - Essentially the same as `--cipher` (takes a single `ALG`)
 * Source: https://sourceforge.net/p/openvpn/mailman/message/37232992/ [[br]]
----
__**Use of `--data-ciphers-fallback` is limited to:**__ [[br]]
 * OpenVPN Clients which do not support `--data-ciphers` (OpenVPN 2.4, 2.3)[[br]]
   [[br]]
   **Solution: Upgrade**[[br]]
   Or, use `--data-ciphers-fallback` in your Server configuration.[[br]]
   [[br]]
 * OpenVPN Clients using `--ncp-disable` DEPRECATED (OpenVPN 2.4)[[br]]
   [[br]]
   **Solution:** Do NOT use `--ncp-disable`[[br]]
   EVER[[br]]
   [[br]]
 * OpenVPN built with `--enable-small`: [https://community.openvpn.net/openvpn/wiki/CipherNegotiation#Specialrequirement:OpenVPNbuiltwith--enable-small See below]
   [[br]]
   [[br]]
 * OpenVPN Server that does not support Cipher Negotiation:[[br]]
   [[br]]
   **Solution: Upgrade**[[br]]
   Otherwise, both Client and Server will DEFAULT to an INSECURE BF-CBC cipher.[[br]]
   ... Unless both Client and Server have a **secure** `--cipher` configured.[[br]]
   ... otherwise, the VPN connection will fail.[[br]]

**The Point**:
{{{
@cron2_ | for clients calling in without NCP
@cron2_ | could be a 2.5 client called with --ncp-disable "because someone on the Internet said so"
 wiscii | but that would auto-fallback to AES* ? 2.5 .. no ?
      * | wiscii checks
 wiscii | --ncp-disable is deprecated ..
 wiscii | and using it is currently a total fail FATAL error
 wiscii | ok ,, that is 2.6
 wiscii | i have clearly misunderstood the use of the data-cipher-fallback bit, it's just to convoluted
@cron2_ | the point is that 2.5 and up do not select BF-CBC "by default" anymore, just because it was the
        | cipher in earlier times
@cron2_ | *if* NCP is active, this is a non-issue, because AES
@cron2_ | but if *no* NCP is active (old client or --ncp-disable), openvpn does not know what to do, and
        | on purpose does not "just use BF-CBC". So it tells you: if you really want the old behaviour,
        | put it into your config.
 wiscii | yep .. i can see that logic
}}}
----
**All**: `--cipher ALG` - Data channel cipher. **Will be deprecated**.[[br]]
In OpenVPN 2.5 `--cipher` does not have a default `ALG`.[[br]]
In OpenVPN up to 2.4 the default `ALG` is BF-CBC.[[br]]
**2.4**: `--ncp-ciphers ALG:ALG` - Negotiable data channel ciphers (renamed `--data-ciphers` in 2.5). Default `ALG` AES-256-GCM:AES-128-GCM[[br]]
**2.4**: `--ncp-disable` - Disable NCP - **Deprecated**.[[br]]
[[br]]
In this wiki, cipher negotiation comes in four flavours:
 * **Full** negotiation: Both server and client support NCP.
 * **Partial** negotiation: Only the client supports NCP (known as "Poor man's NCP": the client adopts the cipher the server announces).
 * **No** negotiation: The client does not support NCP (the server's NCP has no effect).
 * When the server supports NCP but has a mixture of clients, NCP is defined as '**Yes**'.

Cipher negotiation was originally named "Negotiated Cipher Protocol", **NCP**.

== Common configurations

Commonly expected configurations of the ''Effective directives'' above.

=== Servers

 * Version 2.5
   a. Default configuration: No effective directives specified.[[br]]
   a. Configuring: `--data-ciphers`[[br]]
 * Version 2.4
   a. Default configuration: No effective directives specified.[[br]]
   a. Configuring: `--cipher`[[br]]
   a. Configuring: `--cipher` and `--ncp-disable`[[br]]
 * Version 2.3
   a. Default configuration: No effective directives specified.[[br]]
   a. Configuring: `--cipher`[[br]]
 * Version 2.2
   a. Default configuration: No effective directives specified.[[br]]
   a. Configuring: All bets are off - Upgrade now! [[br]]

=== Clients

 * Version 2.5
   a. Default configuration: No effective directives specified.[[br]]
 * Version 2.4
   a. Default configuration: No effective directives specified.[[br]]
   a. Configuring: `--cipher`[[br]]
 * Version 2.3
   a. Default configuration: No effective directives specified.[[br]]
   a. Configuring: `--cipher`[[br]]
 * Version 2.2
   a. Default configuration: No effective directives specified.[[br]]
   a. Configuring: All bets are off - Upgrade now! [[br]]

== Expected Behaviour indexed by Server version

=== Server version 2.5

==== Default configuration: No effective directives specified.
||= `--data-ciphers` =|| NCP ||
||= - =|| Yes ||

 * __Client version 2.5__
||= `--data-ciphers` =|| NCP || Connection ||
||= - =|| Full || '''[[span(style=color: #007000, OK. AES-256-GCM )]]''' ||
||= AES-256-GCM:AES-128-GCM:AES-256-CBC:BF-CBC =|| Full || '''[[span(style=color: #007000, OK. AES-256-GCM )]]''' ||
||= AES-256-CBC =|| Full || `Fail (no shared cipher)` ||

 * __Client version 2.4__
|| `--cipher` || NCP || Connection ||
|| - || Full || '''[[span(style=color: #007000, OK. AES-256-GCM )]]''' ||
|| AES-256-CBC || Full || '''[[span(style=color: #007000, OK. AES-256-GCM )]]''' ||
|| BF-CBC || Full || '''[[span(style=color: #007000, OK. AES-256-GCM )]]''' ||

 * __Client version 2.3__
|| `--cipher` || NCP || Connection ||
|| - || No || `Fail (no shared cipher)` ||
|| AES-256-CBC || No || `Fail (no shared cipher)` ||
|| BF-CBC || No || `Fail (no shared cipher)` ||

 * __Client version 2.2__
|| `--cipher` || NCP || Connection ||
|| - || No || `Fail (no shared cipher)` ||
|| AES-256-CBC || No || `Fail (no shared cipher)` ||
|| BF-CBC || No || `Fail (no shared cipher)` ||
----
==== Server version 2.5 Configuring: `--data-ciphers`
||= `--data-ciphers` =|| NCP ||
||= AES-256-GCM:AES-128-GCM:AES-256-CBC:BF-CBC =|| Yes ||

 * __Client version 2.3__
|| `--cipher` || NCP || Connection ||
|| - || No || ''[[span(style=color: #806000, **Weak** BF-CBC )]]'' ||
|| AES-256-CBC || No || '''[[span(style=color: #007000, OK. AES-256-CBC )]]''' ||
|| BF-CBC || No || ''[[span(style=color: #806000, **Weak** BF-CBC )]]'' ||

 * __Client version 2.2__
|| `--cipher` || NCP || Connection ||
|| - || No || ''[[span(style=color: #806000, **Weak** BF-CBC )]]'' ||
|| AES-256-CBC || No || '''[[span(style=color: #007000, OK. AES-256-CBC )]]''' ||
|| BF-CBC || No || ''[[span(style=color: #806000, **Weak** BF-CBC )]]'' ||
----
=== Server version 2.4

==== Default configuration: No effective directives specified.
|| `--cipher` ||= `--ncp-ciphers` =|| NCP ||
|| - ||= - =|| Yes ||

 * __Client version 2.5__
||= `--data-ciphers` =|| NCP || Connection ||
||= - =|| Full || '''[[span(style=color: #007000, OK. AES-256-GCM )]]''' ||
||= AES-256-GCM:AES-128-GCM:AES-256-CBC:BF-CBC =|| Full || '''[[span(style=color: #007000, OK. AES-256-GCM )]]''' ||
||= AES-256-CBC =|| Full || `Fail (no shared cipher)` ||

 * __Client version 2.4__
|| `--cipher` ||= `--ncp-ciphers` =|| NCP || Connection ||
|| - ||= - =|| Full || '''[[span(style=color: #007000, OK. AES-256-GCM )]]''' ||
|| AES-256-CBC ||= - =|| Full || '''[[span(style=color: #007000, OK. AES-256-GCM )]]''' ||
|| BF-CBC ||= - =|| Full || '''[[span(style=color: #007000, OK. AES-256-GCM )]]''' ||

 * __Client version 2.3__
|| `--cipher` || NCP || Connection ||
|| - || No || ''[[span(style=color: #806000, **Weak** BF-CBC )]]'' ||
|| AES-256-CBC || No || `Fail (no shared cipher)` ||
|| BF-CBC || No || ''[[span(style=color: #806000, **Weak** BF-CBC )]]'' ||

 * __Client version 2.2__
|| `--cipher` || NCP || Connection ||
|| - || No || ''[[span(style=color: #806000, **Weak** BF-CBC )]]'' ||
|| AES-256-CBC || No || `Fail (no shared cipher)` ||
|| BF-CBC || No || ''[[span(style=color: #806000, **Weak** BF-CBC )]]'' ||
----
==== Server version 2.4 Configuring: `--cipher`
|| `--cipher` ||= `--ncp-ciphers` =|| NCP ||
|| AES-256-CBC ||= - =|| Yes ||

 * __Client version 2.5__
||= `--data-ciphers` =|| NCP || Connection ||
||= - =|| Full || '''[[span(style=color: #007000, OK. AES-256-GCM )]]''' ||
||= AES-256-GCM:AES-128-GCM:AES-256-CBC:BF-CBC =|| Full || '''[[span(style=color: #007000, OK. AES-256-GCM )]]''' ||
||= AES-256-CBC =|| Full || '''[[span(style=color: #007000, OK. AES-256-CBC )]]''' ||

 * __Client version 2.4__
|| `--cipher` ||= `--ncp-ciphers` =|| NCP || Connection ||
|| - ||= - =|| Full || '''[[span(style=color: #007000, OK. AES-256-GCM )]]''' ||
|| AES-256-CBC ||= - =|| Full || '''[[span(style=color: #007000, OK. AES-256-GCM )]]''' ||
|| BF-CBC ||= - =|| Full || '''[[span(style=color: #007000, OK. AES-256-GCM )]]''' ||

 * __Client version 2.3__
|| `--cipher` || NCP || Connection ||
|| - || No || `Fail (no shared cipher)` ||
|| AES-256-CBC || No || '''[[span(style=color: #007000, OK. AES-256-CBC )]]''' ||
|| BF-CBC || No || `Fail (no shared cipher)` ||

 * __Client version 2.2__
|| `--cipher` || NCP || Connection ||
|| - || No || `Fail (no shared cipher)` ||
|| AES-256-CBC || No || '''[[span(style=color: #007000, OK. AES-256-CBC )]]''' ||
|| BF-CBC || No || `Fail (no shared cipher)` ||
----
==== Server version 2.4 Configuring: `--cipher` and `--ncp-disable`
|| `--cipher` ||= `--ncp-ciphers` =|| NCP ||
|| AES-256-CBC ||= - =|| No `--ncp-disable` ||

 * __Client version 2.5__
||= `--data-ciphers` =|| NCP || Connection ||
||= - =|| Partial || `Fail (no shared cipher)` ||
||= AES-256-GCM:AES-128-GCM:AES-256-CBC:BF-CBC =|| Partial || '''[[span(style=color: #007000, OK. AES-256-CBC )]]''' ||

 * __Client version 2.4__
|| `--cipher` ||= `--ncp-ciphers` =|| NCP || Connection ||
|| - ||= - =|| Partial || `Fail (no shared cipher)` ||
|| AES-256-CBC ||= - =|| Partial || '''[[span(style=color: #007000, OK. AES-256-CBC )]]''' ||
|| BF-CBC ||= - =|| Partial || `Fail (no shared cipher)` ||

 * __Client version 2.3__
|| `--cipher` || NCP || Connection ||
|| - || No || `Fail (no shared cipher)` ||
|| AES-256-CBC || No || '''[[span(style=color: #007000, OK. AES-256-CBC )]]''' ||
|| BF-CBC || No || `Fail (no shared cipher)` ||

 * __Client version 2.2__
|| `--cipher` || NCP || Connection ||
|| - || No || `Fail (no shared cipher)` ||
|| AES-256-CBC || No || '''[[span(style=color: #007000, OK. AES-256-CBC )]]''' ||
|| BF-CBC || No || `Fail (no shared cipher)` ||
----
=== Server version 2.3

==== Default configuration: No effective directives specified.
|| `--cipher` || NCP ||
|| - || No ||

 * __Client version 2.5__
||= `--data-ciphers` =|| NCP || Connection ||
||= - =|| Partial || `Fail (no shared cipher)` ||
||= AES-256-GCM:AES-128-GCM:AES-256-CBC:BF-CBC =|| Partial || ''[[span(style=color: #806000, **Weak** BF-CBC )]]'' ||

 * __Client version 2.4__
|| `--cipher` ||= `--ncp-ciphers` =|| NCP || Connection ||
|| - ||= - =|| Partial || `Fail (no shared cipher)` ||
|| AES-256-CBC ||= - =|| Partial || `Fail (no shared cipher)` ||
|| BF-CBC ||= - =|| Partial || ''[[span(style=color: #806000, **Weak** BF-CBC )]]'' ||

 * __Client version 2.3__
|| `--cipher` || NCP || Connection ||
|| - || No || ''[[span(style=color: #806000, **Weak** BF-CBC )]]'' ||
|| AES-256-CBC || No || `Fail (no shared cipher)` ||
|| BF-CBC || No || ''[[span(style=color: #806000, **Weak** BF-CBC )]]'' ||

 * __Client version 2.2__
|| `--cipher` || NCP || Connection ||
|| - || No || ''[[span(style=color: #806000, **Weak** BF-CBC )]]'' ||
|| AES-256-CBC || No || `Fail (no shared cipher)` ||
|| BF-CBC || No || ''[[span(style=color: #806000, **Weak** BF-CBC )]]'' ||
----
==== Server version 2.3 Configuring: `--cipher`
|| `--cipher` || NCP ||
|| AES-256-CBC || No ||

 * __Client version 2.5__
||= `--data-ciphers` =|| NCP || Connection ||
||= - =|| Partial || `Fail (no shared cipher)` ||
||= AES-256-GCM:AES-128-GCM:AES-256-CBC:BF-CBC =|| Partial || '''[[span(style=color: #007000, OK. AES-256-CBC )]]''' ||

 * __Client version 2.4__
|| `--cipher` ||= `--ncp-ciphers` =|| NCP || Connection ||
|| - ||= - =|| Partial || `Fail (no shared cipher)` ||
|| AES-256-CBC ||= - =|| Partial || '''[[span(style=color: #007000, OK. AES-256-CBC )]]''' ||
|| BF-CBC ||= - =|| Partial || `Fail (no shared cipher)` ||

 * __Client version 2.3__
|| `--cipher` || NCP || Connection ||
|| - || No || `Fail (no shared cipher)` ||
|| AES-256-CBC || No || '''[[span(style=color: #007000, OK. AES-256-CBC )]]''' ||
|| BF-CBC || No || `Fail (no shared cipher)` ||

 * __Client version 2.2__
|| `--cipher` || NCP || Connection ||
|| - || No || `Fail (no shared cipher)` ||
|| AES-256-CBC || No || '''[[span(style=color: #007000, OK. AES-256-CBC )]]''' ||
|| BF-CBC || No || `Fail (no shared cipher)` ||
----
=== Server version 2.2

==== Default configuration: No effective directives specified.
|| `--cipher` || NCP ||
|| - || No ||

 * __Client version 2.5__
||= `--data-ciphers` =|| NCP || Connection ||
||= - =|| Partial || `Fail (no shared cipher)` ||
||= AES-256-GCM:AES-128-GCM:AES-256-CBC:BF-CBC =|| Partial || ''[[span(style=color: #806000, **Weak** BF-CBC )]]'' ||

 * __Client version 2.4__
|| `--cipher` ||= `--ncp-ciphers` =|| NCP || Connection ||
|| - ||= - =|| Partial || ''[[span(style=color: #806000, **Weak** BF-CBC )]]'' ||
|| AES-256-CBC ||= - =|| Partial || `Fail (no shared cipher)` ||
|| BF-CBC ||= - =|| Partial || ''[[span(style=color: #806000, **Weak** BF-CBC )]]'' ||

 * __Client version 2.3__
|| `--cipher` || NCP || Connection ||
|| - || No || ''[[span(style=color: #806000, **Weak** BF-CBC )]]'' ||
|| AES-256-CBC || No || `Fail (no shared cipher)` ||
|| BF-CBC || No || ''[[span(style=color: #806000, **Weak** BF-CBC )]]'' ||

 * __Client version 2.2__
|| `--cipher` || NCP || Connection ||
|| - || No || ''[[span(style=color: #806000, **Weak** BF-CBC )]]'' ||
|| AES-256-CBC || No || `Fail (no shared cipher)` ||
|| BF-CBC || No || ''[[span(style=color: #806000, **Weak** BF-CBC )]]'' ||
----
==== Server version 2.2 Configuring: `--cipher`
|| `--cipher` || NCP ||
|| AES-256-CBC || No ||

 * __Client version 2.5__
||= `--data-ciphers` =|| NCP || Connection ||
||= - =|| Partial || `Fail (no shared cipher)` ||
||= AES-256-GCM:AES-128-GCM:AES-256-CBC:BF-CBC =|| Partial || '''[[span(style=color: #007000, OK. AES-256-CBC )]]''' ||

 * __Client version 2.4__
|| `--cipher` ||= `--ncp-ciphers` =|| NCP || Connection ||
|| - ||= - =|| Partial || `Fail (no shared cipher)` ||
|| AES-256-CBC ||= - =|| Partial || '''[[span(style=color: #007000, OK. AES-256-CBC )]]''' ||
|| BF-CBC ||= - =|| Partial || `Fail (no shared cipher)` ||

 * __Client version 2.3__
|| `--cipher` || NCP || Connection ||
|| - || No || `Fail (no shared cipher)` ||
|| AES-256-CBC || No || '''[[span(style=color: #007000, OK. AES-256-CBC )]]''' ||
|| BF-CBC || No || `Fail (no shared cipher)` ||

 * __Client version 2.2__
|| `--cipher` || NCP || Connection ||
|| - || No || `Fail (no shared cipher)` ||
|| AES-256-CBC || No || '''[[span(style=color: #007000, OK. AES-256-CBC )]]''' ||
|| BF-CBC || No || `Fail (no shared cipher)` ||
----
== Special requirement: OpenVPN built with `--enable-small`

When OpenVPN version 2.3 or older is built with `--enable-small` (typically found in routers), OpenVPN 2.5 **must** use `--data-ciphers-fallback ALG`. The `ALG` must match the peer's `--cipher ALG`. Such builds omit the OCC options string, so the 2.5 side cannot see which cipher the peer is using and has to be told.
**This is the only case that** `--data-ciphers-fallback` **takes effect.**[[br]][[br]]
2.5: `--data-ciphers-fallback ALG` - Fallback data channel cipher[[br]]
Only to allow OpenVPN version 2.5 to connect with old peers built with `--enable-small`.[[br]]
**Will be deprecated and removed**[[br]]

=== Server version 2.3 built with `--enable-small`

==== Default configuration: No effective directives specified.
|| `--cipher` || NCP ||
|| - || No ||

 * __**Client** version 2.5__
||= `--data-ciphers` =||= `--data-ciphers-fallback` =|| NCP || Connection ||
||= - =||= - =|| No || `Fail (no shared cipher)` ||
||= - =||= BF-CBC =|| No || ''[[span(style=color: #806000, **Weak** BF-CBC )]]'' ||

=== Server version 2.3 built with `--enable-small`

==== Configuring: `--cipher`
|| `--cipher` || NCP ||
|| AES-256-CBC || No ||

 * __**Client** version 2.5__
||= `--data-ciphers` =||= `--data-ciphers-fallback` =|| NCP || Connection ||
||= - =||= - =|| No || `Fail (no shared cipher)` ||
||= - =||= AES-256-CBC =|| No || '''[[span(style=color: #007000, OK. AES-256-CBC )]]''' ||

=== Client version 2.3 built with `--enable-small`

==== Default configuration: No effective directives specified.
|| `--cipher` || NCP ||
|| - || No ||

 * __**Server** version 2.5__
||= `--data-ciphers` =||= `--data-ciphers-fallback` =|| NCP || Connection ||
||= - =||= - =|| No || `Fail (no shared cipher)` ||
||= - =||= BF-CBC =|| No || ''[[span(style=color: #806000, **Weak** BF-CBC )]]'' ||

=== Client version 2.3 built with `--enable-small`

==== Configuring: `--cipher`
|| `--cipher` || NCP ||
|| AES-256-CBC || No ||

 * __**Server** version 2.5__
||= `--data-ciphers` =||= `--data-ciphers-fallback` =|| NCP || Connection ||
||= - =||= - =|| No || `Fail (no shared cipher)` ||
||= - =||= AES-256-CBC =|| No || '''[[span(style=color: #007000, OK. AES-256-CBC )]]''' ||
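The tables above are instances of a small set of rules: Full negotiation picks the first entry of the server's list that the client also accepts, Partial negotiation lets an NCP client adopt the cipher a non-NCP server announces, a client without NCP is stuck with its own `--cipher`, and an `--enable-small` peer hides its cipher so only a matching `--data-ciphers-fallback` can save the connection. The script below is an added example written for this wiki, not OpenVPN project code: it encodes those rules as a model (the `Peer`, `parse_config`, `negotiate`, `label` and `lint` names are the example's own) so you can feed it the server and client configurations of a real fleet and get the expected outcome for each pair before changing anything. The version defaults and the "weak" label for BF-CBC come from this page; the two sample server configs in the `__main__` block are constructed for the demo, and the OCC-based behaviour of a 2.5 server towards 2.3 clients is modelled from the page's tables.

```python
"""Model of the cipher-selection rules behind the tables on this page.
Added example, not OpenVPN project code; sample configs are constructed."""
from dataclasses import dataclass
from typing import List, Optional, Tuple

NCP_DEFAULT = ["AES-256-GCM", "AES-128-GCM"]  # --data-ciphers / --ncp-ciphers default
WEAK = {"BF-CBC"}                             # flagged as weak / insecure on the page
FAIL = "Fail (no shared cipher)"


@dataclass
class Peer:
    version: str                              # "2.2", "2.3", "2.4" or "2.5"
    cipher: Optional[str] = None              # --cipher
    data_ciphers: Optional[List[str]] = None  # --data-ciphers (2.5) / --ncp-ciphers (2.4)
    fallback: Optional[str] = None            # --data-ciphers-fallback (2.5)
    ncp_disable: bool = False                 # --ncp-disable (2.4, deprecated)
    enable_small: bool = False                # built with --enable-small: no OCC string

    @property
    def ncp(self) -> bool:
        return self.version in ("2.4", "2.5") and not self.ncp_disable

    @property
    def ncp_list(self) -> List[str]:
        return self.data_ciphers or NCP_DEFAULT

    @property
    def fixed_cipher(self) -> Optional[str]:
        """--cipher, else the 2.5 fallback, else the pre-2.5 default BF-CBC."""
        if self.cipher or self.fallback:
            return self.cipher or self.fallback
        return None if self.version == "2.5" else "BF-CBC"

    @property
    def accepted(self) -> List[str]:
        """Ciphers an NCP-capable peer will agree to, in preference order."""
        extra = self.cipher or (None if self.version == "2.5" else "BF-CBC")
        return self.ncp_list + ([extra] if extra and extra not in self.ncp_list else [])


def parse_config(version: str, text: str, enable_small: bool = False) -> Peer:
    """Build a Peer from the cipher-related directives of an OpenVPN config."""
    peer = Peer(version=version, enable_small=enable_small)
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith(";"):
            continue
        key, *args = line.split()
        if key == "cipher" and args:
            peer.cipher = args[0]
        elif key in ("data-ciphers", "ncp-ciphers") and args:
            peer.data_ciphers = args[0].split(":")
        elif key == "data-ciphers-fallback" and args:
            peer.fallback = args[0]
        elif key == "ncp-disable":
            peer.ncp_disable = True
    return peer


def negotiate(server: Peer, client: Peer) -> Tuple[str, Optional[str]]:
    """Return (negotiation mode, data cipher or None) for one server/client pair."""
    if server.ncp and client.ncp:                          # Full: both sides have NCP
        return "Full", next((c for c in server.accepted if c in client.accepted), None)
    if client.ncp:                                         # only the client has NCP
        s = server.fixed_cipher
        if server.enable_small:                            # no OCC: client cannot see s
            return "No", s if client.fixed_cipher == s else None
        return "Partial", s if s in client.accepted else None   # "poor man's NCP"
    c = client.fixed_cipher                                # client without NCP
    if (server.ncp and server.version == "2.5" and not client.enable_small
            and c in server.ncp_list):                     # 2.5 reads the client's OCC cipher
        return "No", c
    return "No", c if c is not None and server.fixed_cipher == c else None


def label(outcome: Tuple[str, Optional[str]]) -> str:
    cipher = outcome[1]
    if cipher is None:
        return FAIL
    return ("Weak " if cipher in WEAK else "OK. ") + cipher


def lint(peer: Peer) -> List[str]:
    """The config problems this page calls out, for one peer."""
    findings = []
    if peer.ncp_disable:
        findings.append("--ncp-disable is deprecated: remove it")
    if "BF-CBC" in peer.ncp_list or peer.fixed_cipher == "BF-CBC":
        findings.append("BF-CBC (weak) would be used or accepted")
    if not peer.ncp:
        findings.append("no cipher negotiation: connections need an exact --cipher match")
    return findings


if __name__ == "__main__":
    # Constructed sample server configs (not from the page).
    OLD = "cipher AES-256-CBC\nncp-disable\n"
    NEW = ("data-ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC\n"
           "data-ciphers-fallback AES-256-CBC   # for --enable-small peers only\n")
    clients = {
        "2.5 default": Peer("2.5"),
        "2.4 default": Peer("2.4"),
        "2.3 cipher AES-256-CBC": Peer("2.3", cipher="AES-256-CBC"),
        "2.3 default (BF-CBC)": Peer("2.3"),
        "2.3 --enable-small, AES-256-CBC": Peer("2.3", cipher="AES-256-CBC", enable_small=True),
    }
    for name, ver, cfg in (("2.4 with ncp-disable", "2.4", OLD), ("2.5 hardened", "2.5", NEW)):
        server = parse_config(ver, cfg)
        print(f"server {name}: {lint(server) or 'no findings'}")
        for cname, client in clients.items():
            outcome = negotiate(server, client)
            print(f"  client {cname:33} {outcome[0]:8} {label(outcome)}")
```

Run it as-is to see the two constructed servers side by side: the 2.4 server with `--ncp-disable` fails every client that does not carry an exact `--cipher AES-256-CBC`, while the 2.5 server negotiates AES-256-GCM with 2.5 and 2.4 clients, picks AES-256-CBC for a 2.3 client that announces it, and only needs the fallback for the `--enable-small` peer. Swap in your own configs via `parse_config` and add a `Peer` per client type you still have in the field.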