= OpenVPN Cipher Negotiation (Quick reference)

This wiki defines the **expected** behaviour of Cipher Negotiation between common configurations of OpenVPN servers and clients.

**Important note**: `CHACHA20-POLY1305` is widely recognised as a suitable alternative to an `AES` based cipher.

 * OpenVPN would like to know about any:
   1. ''Unexpected'' behaviour.
   1. Errors on this page.

For full details please see: [[br]]
https://github.com/OpenVPN/openvpn/blob/master/doc/man-sections/cipher-negotiation.rst

[[TOC(notitle, inline)]]

== Effective directives and terms

**2.5**: `--data-ciphers ALG:ALG` - Data channel ciphers **list**. Default: AES-256-GCM:AES-128-GCM [[br]]
**2.5**: `--data-ciphers-fallback ALG` - Single **ALG** (Essentially the same as `--cipher`)
 * Source: https://sourceforge.net/p/openvpn/mailman/message/37232992/ [[br]]

----

__**Use of `--data-ciphers-fallback` is limited to:**__ [[br]]
 * Openvpn Clients which do not support `--data-ciphers` (Openvpn 2.4, 2.3)[[br]]
   [[br]]
   **Solution: Upgrade**[[br]]
   Or, use `--data-ciphers-fallback` in your Server configuration.[[br]]
   [[br]]
 * Openvpn Clients using `--ncp-disable` DEPRECATED (Openvpn 2.4)[[br]]
   [[br]]
   **Solution:** Do NOT use `--ncp-disable`[[br]]
   EVER[[br]]
   [[br]]
 * Openvpn built with `--enable-small`: [https://community.openvpn.net/openvpn/wiki/CipherNegotiation#Specialrequirement:OpenVPNbuiltwith--enable-small See below] [[br]]
   [[br]]
 * Openvpn Server that does not support Cipher Negotiation:[[br]]
   [[br]]
   **Solution: Upgrade**[[br]]
   Otherwise, both Client and Server will DEFAULT to an INSECURE BF-CBC cipher.[[br]]
   ... Unless both Client and Server have a **secure** `--cipher` configured.[[br]]
   ... otherwise, the VPN connection will fail.[[br]]

**The Point**:
{{{
@cron2_ | for clients calling in without NCP
@cron2_ | could be a 2.5 client called with --ncp-disable "because someone on the Internet said so"
 wiscii | but that would auto-fallback to AES* ? 2.5 .. no ?
      * | wiscii checks
 wiscii | --ncp-disable is deprecated ..
 wiscii | and using it is currently a total fail FATAL error
 wiscii | ok ,, that is 2.6
 wiscii | i have clearly misunderstood the use of the data-cipher-fallback bit, it's just too convoluted
@cron2_ | the point is that 2.5 and up do not select BF-CBC "by default" anymore, just because it was the
        | cipher in earlier times
@cron2_ | *if* NCP is active, this is a non-issue, because AES
@cron2_ | but if *no* NCP is active (old client or --ncp-disable), openvpn does not know what to do, and
        | on purpose does not "just use BF-CBC". So it tells you: if you really want the old behaviour,
        | put it into your config.
 wiscii | yep .. i can see that logic
}}}

----

**All**: `--cipher ALG` - Data channel cipher. **Will be deprecated**.[[br]]
In OpenVPN 2.5 `--cipher` does not have a default `ALG`.[[br]]
In OpenVPN up to 2.4 the default `ALG` is BF-CBC.[[br]]
**2.4**: `--ncp-disable` - Disable Negotiated Cipher Protocol - **Deprecated**.[[br]]
**Note**: This document does **not** cover the use of `--ncp-disable`.[[br]]
[[br]]
In this Wiki cipher negotiation comes in four flavours:
 * **Full** negotiation: Both server and client support NCP
 * **Partial** negotiation: Only the client supports NCP (Known as "Poor man's NCP", see note below)
 * **No** negotiation: The client does not support NCP (The server NCP has no effect).
 * When the server supports NCP but has a mixture of clients then NCP is defined as '**Yes**'.

Cipher negotiation was originally named "Negotiated Cipher Protocol" (**NCP**).

== Poor Man's NCP

''**Poor Man's NCP**'' is a term used to describe the situation where either peer does **not** support cipher negotiation directly, **and** the subsequent configurations which can be used to get full AEAD cipher support without the need to negotiate it.

This wiki fully expands the server side variety of Poor Man's NCP, which means this wiki does not apply ''that'' term to the server.
This wiki only applies the term to the client, because that is easier to understand. Also, clients which suffer from Poor Man's NCP can be more easily upgraded than an old server. So this wiki fully explains the server side, while encouraging the user to upgrade their client OpenVPN version.

== Common configurations

Commonly expected configurations of the ''Effective directives'' above.

=== Servers

 * Version 2.5
   a. Default configuration: No effective directives specified.[[br]]
   a. Configuring: `--data-ciphers`[[br]]
 * Version 2.4
   a. Default configuration: No effective directives specified.[[br]]
   a. Configuring: `--cipher`[[br]]
   a. Configuring: `--cipher` and `--ncp-disable`[[br]]
 * Version 2.3
   a. Default configuration: No effective directives specified.[[br]]
   a. Configuring: `--cipher`[[br]]
 * Version 2.2
   a. Default configuration: No effective directives specified.[[br]]
   a. Configuring: All bets are off - Upgrade now! [[br]]

=== Clients

 * Version 2.5
   a. Default configuration: No effective directives specified.[[br]]
 * Version 2.4
   a. Default configuration: No effective directives specified.[[br]]
   a. Configuring: `--cipher`[[br]]
 * Version 2.3
   a. Default configuration: No effective directives specified.[[br]]
   a. Configuring: `--cipher`[[br]]
 * Version 2.2
   a. Default configuration: No effective directives specified.[[br]]
   a. Configuring: All bets are off - Upgrade now! [[br]]

== Expected Behaviour indexed by Server version

=== Server version 2.5

==== Default configuration: No effective directives specified.[[br]]

||= `--data-ciphers` =|| NCP ||
||= - =|| Yes ||

 * __Client version 2.5__

||= `--data-ciphers` =|| NCP || Connection ||
||= - =|| Full || '''[[span(style=color: #007000, OK. AES-256-GCM )]]''' ||
||= AES-256-GCM:AES-128-GCM:AES-256-CBC:BF-CBC =|| Full || '''[[span(style=color: #007000, OK. AES-256-GCM )]]''' ||
||= AES-256-CBC =|| Full || `Fail (no shared cipher)` ||

 * __Client version 2.4__

|| `--cipher` || NCP || Connection ||
|| - || Full || '''[[span(style=color: #007000, OK. AES-256-GCM )]]''' ||
|| AES-256-CBC || Full || '''[[span(style=color: #007000, OK. AES-256-GCM )]]''' ||
|| BF-CBC || Full || '''[[span(style=color: #007000, OK. AES-256-GCM )]]''' ||

 * __Client version 2.3__

|| `--cipher` || NCP || Connection ||
|| - || No || `Fail (no shared cipher)` ||
|| AES-256-CBC || No || `Fail (no shared cipher)` ||
|| BF-CBC || No || `Fail (no shared cipher)` ||

 * __Client version 2.2__

|| `--cipher` || NCP || Connection ||
|| - || No || `Fail (no shared cipher)` ||
|| AES-256-CBC || No || `Fail (no shared cipher)` ||
|| BF-CBC || No || `Fail (no shared cipher)` ||

----

==== Server version 2.5 Configuring: `--data-ciphers`[[br]]

||= `--data-ciphers` =|| NCP ||
||= AES-256-GCM:AES-128-GCM:AES-256-CBC:BF-CBC =|| Yes ||

 * __Client version 2.3__

|| `--cipher` || NCP || Connection ||
|| - || No || ''[[span(style=color: #806000, **Weak** BF-CBC )]]'' ||
|| AES-256-CBC || No || '''[[span(style=color: #007000, OK. AES-256-CBC )]]''' ||
|| BF-CBC || No || ''[[span(style=color: #806000, **Weak** BF-CBC )]]'' ||

 * __Client version 2.2__

|| `--cipher` || NCP || Connection ||
|| - || No || ''[[span(style=color: #806000, **Weak** BF-CBC )]]'' ||
|| AES-256-CBC || No || '''[[span(style=color: #007000, OK. AES-256-CBC )]]''' ||
|| BF-CBC || No || ''[[span(style=color: #806000, **Weak** BF-CBC )]]'' ||

----

=== Server version 2.4

==== Default configuration: No effective directives specified.[[br]]

|| `--cipher` ||= `--ncp-ciphers` =|| NCP ||
|| - ||= - =|| Yes ||

 * __Client version 2.5__

||= `--data-ciphers` =|| NCP || Connection ||
||= - =|| Full || '''[[span(style=color: #007000, OK. AES-256-GCM )]]''' ||
||= AES-256-GCM:AES-128-GCM:AES-256-CBC:BF-CBC =|| Full || '''[[span(style=color: #007000, OK. AES-256-GCM )]]''' ||
||= AES-256-CBC =|| Full || `Fail (no shared cipher)` ||

 * __Client version 2.4__

|| `--cipher` ||= `--ncp-ciphers` =|| NCP || Connection ||
|| - ||= - =|| Full || '''[[span(style=color: #007000, OK. AES-256-GCM )]]''' ||
|| AES-256-CBC ||= - =|| Full || '''[[span(style=color: #007000, OK. AES-256-GCM )]]''' ||
|| BF-CBC ||= - =|| Full || '''[[span(style=color: #007000, OK. AES-256-GCM )]]''' ||

 * __Client version 2.3__

|| `--cipher` || NCP || Connection ||
|| - || No || ''[[span(style=color: #806000, **Weak** BF-CBC )]]'' ||
|| AES-256-CBC || No || `Fail (no shared cipher)` ||
|| BF-CBC || No || ''[[span(style=color: #806000, **Weak** BF-CBC )]]'' ||

 * __Client version 2.2__

|| `--cipher` || NCP || Connection ||
|| - || No || ''[[span(style=color: #806000, **Weak** BF-CBC )]]'' ||
|| AES-256-CBC || No || `Fail (no shared cipher)` ||
|| BF-CBC || No || ''[[span(style=color: #806000, **Weak** BF-CBC )]]'' ||

----

==== Server version 2.4 Configuring: `--cipher`[[br]]

|| `--cipher` ||= `--ncp-ciphers` =|| NCP ||
|| AES-256-CBC ||= - =|| Yes ||

 * __Client version 2.5__

||= `--data-ciphers` =|| NCP || Connection ||
||= - =|| Full || '''[[span(style=color: #007000, OK. AES-256-GCM )]]''' ||
||= AES-256-GCM:AES-128-GCM:AES-256-CBC:BF-CBC =|| Full || '''[[span(style=color: #007000, OK. AES-256-GCM )]]''' ||
||= AES-256-CBC =|| Full || '''[[span(style=color: #007000, OK. AES-256-CBC )]]''' ||

 * __Client version 2.4__

|| `--cipher` ||= `--ncp-ciphers` =|| NCP || Connection ||
|| - ||= - =|| Full || '''[[span(style=color: #007000, OK. AES-256-GCM )]]''' ||
|| AES-256-CBC ||= - =|| Full || '''[[span(style=color: #007000, OK. AES-256-GCM )]]''' ||
|| BF-CBC ||= - =|| Full || '''[[span(style=color: #007000, OK. AES-256-GCM )]]''' ||

 * __Client version 2.3__

|| `--cipher` || NCP || Connection ||
|| - || No || `Fail (no shared cipher)` ||
|| AES-256-CBC || No || '''[[span(style=color: #007000, OK. AES-256-CBC )]]''' ||
|| BF-CBC || No || `Fail (no shared cipher)` ||

 * __Client version 2.2__

|| `--cipher` || NCP || Connection ||
|| - || No || `Fail (no shared cipher)` ||
|| AES-256-CBC || No || '''[[span(style=color: #007000, OK. AES-256-CBC )]]''' ||
|| BF-CBC || No || `Fail (no shared cipher)` ||

----

==== Server version 2.4 Configuring: `--cipher` and `--ncp-disable`[[br]]

|| `--cipher` ||= `--ncp-ciphers` =|| NCP ||
|| AES-256-CBC ||= - =|| No `--ncp-disable` ||

 * __Client version 2.5__

||= `--data-ciphers` =|| NCP || Connection ||
||= - =|| Partial || `Fail (no shared cipher)` ||
||= AES-256-GCM:AES-128-GCM:AES-256-CBC:BF-CBC =|| Partial || '''[[span(style=color: #007000, OK. AES-256-CBC )]]''' ||

 * __Client version 2.4__

|| `--cipher` ||= `--ncp-ciphers` =|| NCP || Connection ||
|| - ||= - =|| Partial || `Fail (no shared cipher)` ||
|| AES-256-CBC ||= - =|| Partial || '''[[span(style=color: #007000, OK. AES-256-CBC )]]''' ||
|| BF-CBC ||= - =|| Partial || `Fail (no shared cipher)` ||

 * __Client version 2.3__

|| `--cipher` || NCP || Connection ||
|| - || No || `Fail (no shared cipher)` ||
|| AES-256-CBC || No || '''[[span(style=color: #007000, OK. AES-256-CBC )]]''' ||
|| BF-CBC || No || `Fail (no shared cipher)` ||

 * __Client version 2.2__

|| `--cipher` || NCP || Connection ||
|| - || No || `Fail (no shared cipher)` ||
|| AES-256-CBC || No || '''[[span(style=color: #007000, OK. AES-256-CBC )]]''' ||
|| BF-CBC || No || `Fail (no shared cipher)` ||

----

=== Server version 2.3

==== Default configuration: No effective directives specified.[[br]]

|| `--cipher` || NCP ||
|| - || No ||

 * __Client version 2.5__

||= `--data-ciphers` =|| NCP || Connection ||
||= - =|| Partial || `Fail (no shared cipher)` ||
||= AES-256-GCM:AES-128-GCM:AES-256-CBC:BF-CBC =|| Partial || ''[[span(style=color: #806000, **Weak** BF-CBC )]]'' ||

 * __Client version 2.4__

|| `--cipher` ||= `--ncp-ciphers` =|| NCP || Connection ||
|| - ||= - =|| Partial || `Fail (no shared cipher)` ||
|| AES-256-CBC ||= - =|| Partial || `Fail (no shared cipher)` ||
|| BF-CBC ||= - =|| Partial || ''[[span(style=color: #806000, **Weak** BF-CBC )]]'' ||

 * __Client version 2.3__

|| `--cipher` || NCP || Connection ||
|| - || No || ''[[span(style=color: #806000, **Weak** BF-CBC )]]'' ||
|| AES-256-CBC || No || `Fail (no shared cipher)` ||
|| BF-CBC || No || ''[[span(style=color: #806000, **Weak** BF-CBC )]]'' ||

 * __Client version 2.2__

|| `--cipher` || NCP || Connection ||
|| - || No || ''[[span(style=color: #806000, **Weak** BF-CBC )]]'' ||
|| AES-256-CBC || No || `Fail (no shared cipher)` ||
|| BF-CBC || No || ''[[span(style=color: #806000, **Weak** BF-CBC )]]'' ||

----

==== Server version 2.3 Configuring: `--cipher`[[br]]

|| `--cipher` || NCP ||
|| AES-256-CBC || No ||

 * __Client version 2.5__

||= `--data-ciphers` =|| NCP || Connection ||
||= - =|| Partial || `Fail (no shared cipher)` ||
||= AES-256-GCM:AES-128-GCM:AES-256-CBC:BF-CBC =|| Partial || '''[[span(style=color: #007000, OK. AES-256-CBC )]]''' ||

 * __Client version 2.4__

|| `--cipher` ||= `--ncp-ciphers` =|| NCP || Connection ||
|| - ||= - =|| Partial || `Fail (no shared cipher)` ||
|| AES-256-CBC ||= - =|| Partial || '''[[span(style=color: #007000, OK. AES-256-CBC )]]''' ||
|| BF-CBC ||= - =|| Partial || `Fail (no shared cipher)` ||

 * __Client version 2.3__

|| `--cipher` || NCP || Connection ||
|| - || No || `Fail (no shared cipher)` ||
|| AES-256-CBC || No || '''[[span(style=color: #007000, OK. AES-256-CBC )]]''' ||
|| BF-CBC || No || `Fail (no shared cipher)` ||

 * __Client version 2.2__

|| `--cipher` || NCP || Connection ||
|| - || No || `Fail (no shared cipher)` ||
|| AES-256-CBC || No || '''[[span(style=color: #007000, OK. AES-256-CBC )]]''' ||
|| BF-CBC || No || `Fail (no shared cipher)` ||

----

=== Server version 2.2

==== Default configuration: No effective directives specified.[[br]]

|| `--cipher` || NCP ||
|| - || No ||

 * __Client version 2.5__

||= `--data-ciphers` =|| NCP || Connection ||
||= - =|| Partial || `Fail (no shared cipher)` ||
||= AES-256-GCM:AES-128-GCM:AES-256-CBC:BF-CBC =|| Partial || ''[[span(style=color: #806000, **Weak** BF-CBC )]]'' ||

 * __Client version 2.4__

|| `--cipher` ||= `--ncp-ciphers` =|| NCP || Connection ||
|| - ||= - =|| Partial || ''[[span(style=color: #806000, **Weak** BF-CBC )]]'' ||
|| AES-256-CBC ||= - =|| Partial || `Fail (no shared cipher)` ||
|| BF-CBC ||= - =|| Partial || ''[[span(style=color: #806000, **Weak** BF-CBC )]]'' ||

 * __Client version 2.3__

|| `--cipher` || NCP || Connection ||
|| - || No || ''[[span(style=color: #806000, **Weak** BF-CBC )]]'' ||
|| AES-256-CBC || No || `Fail (no shared cipher)` ||
|| BF-CBC || No || ''[[span(style=color: #806000, **Weak** BF-CBC )]]'' ||

 * __Client version 2.2__

|| `--cipher` || NCP || Connection ||
|| - || No || ''[[span(style=color: #806000, **Weak** BF-CBC )]]'' ||
|| AES-256-CBC || No || `Fail (no shared cipher)` ||
|| BF-CBC || No || ''[[span(style=color: #806000, **Weak** BF-CBC )]]'' ||

----

==== Server version 2.2 Configuring: `--cipher`[[br]]

|| `--cipher` || NCP ||
|| AES-256-CBC || No ||

 * __Client version 2.5__

||= `--data-ciphers` =|| NCP || Connection ||
||= - =|| Partial || `Fail (no shared cipher)` ||
||= AES-256-GCM:AES-128-GCM:AES-256-CBC:BF-CBC =|| Partial || '''[[span(style=color: #007000, OK. AES-256-CBC )]]''' ||

 * __Client version 2.4__

|| `--cipher` ||= `--ncp-ciphers` =|| NCP || Connection ||
|| - ||= - =|| Partial || `Fail (no shared cipher)` ||
|| AES-256-CBC ||= - =|| Partial || '''[[span(style=color: #007000, OK. AES-256-CBC )]]''' ||
|| BF-CBC ||= - =|| Partial || `Fail (no shared cipher)` ||

 * __Client version 2.3__

|| `--cipher` || NCP || Connection ||
|| - || No || `Fail (no shared cipher)` ||
|| AES-256-CBC || No || '''[[span(style=color: #007000, OK. AES-256-CBC )]]''' ||
|| BF-CBC || No || `Fail (no shared cipher)` ||

 * __Client version 2.2__

|| `--cipher` || NCP || Connection ||
|| - || No || `Fail (no shared cipher)` ||
|| AES-256-CBC || No || '''[[span(style=color: #007000, OK. AES-256-CBC )]]''' ||
|| BF-CBC || No || `Fail (no shared cipher)` ||

----

== Special requirement: OpenVPN built with `--enable-small`

When OpenVPN version 2.3 or older is built with `--enable-small` (typically found in routers), then OpenVPN 2.5 **must** use `--data-ciphers-fallback ALG`. The `ALG` must match the peer's `--cipher ALG`.
**This is the only case that** `--data-ciphers-fallback` **takes effect.**[[br]][[br]]
2.5: `--data-ciphers-fallback ALG` - Fallback data channel cipher[[br]]
Only to allow OpenVPN version 2.5 to connect with old peers built with `--enable-small`.[[br]]
**Will be deprecated and removed**[[br]]

=== Server version 2.3 built with `--enable-small`

==== Default configuration: No effective directives specified.[[br]]

|| `--cipher` || NCP ||
|| - || No ||

 * __**Client** version 2.5__

||= `--data-ciphers` =||= `-fallback` =|| NCP || Connection ||
||= - =||= - =|| No || `Fail (no shared cipher)` ||
||= - =||= BF-CBC =|| No || ''[[span(style=color: #806000, **Weak** BF-CBC )]]'' ||

=== Server version 2.3 built with `--enable-small`

==== Configuring: `--cipher`[[br]]

|| `--cipher` || NCP ||
|| AES-256-CBC || No ||

 * __**Client** version 2.5__

||= `--data-ciphers` =||= `-fallback` =|| NCP || Connection ||
||= - =||= - =|| No || `Fail (no shared cipher)` ||
||= - =||= AES-256-CBC =|| No || '''[[span(style=color: #007000, OK. AES-256-CBC )]]''' ||

=== Client version 2.3 built with `--enable-small`

==== Default configuration: No effective directives specified.[[br]]

|| `--cipher` || NCP ||
|| - || No ||

 * __**Server** version 2.5__

||= `--data-ciphers` =||= `-fallback` =|| NCP || Connection ||
||= - =||= - =|| No || `Fail (no shared cipher)` ||
||= - =||= BF-CBC =|| No || ''[[span(style=color: #806000, **Weak** BF-CBC )]]'' ||

=== Client version 2.3 built with `--enable-small`

==== Configuring: `--cipher`[[br]]

|| `--cipher` || NCP ||
|| AES-256-CBC || No ||

 * __**Server** version 2.5__

||= `--data-ciphers` =||= `-fallback` =|| NCP || Connection ||
||= - =||= - =|| No || `Fail (no shared cipher)` ||
||= - =||= AES-256-CBC =|| No || '''[[span(style=color: #007000, OK. AES-256-CBC )]]''' ||
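The rules behind the "Server version 2.5" tables and the `--enable-small` tables above can be written down as a small model, which is useful for auditing a mixed client fleet before a `--data-ciphers` or `--data-ciphers-fallback` change goes live. The following is an added example, not code from this wiki or from the OpenVPN project: the `Client`, `negotiate`, `verdict` and `audit` names are this example's own, and it assumes (as the tables imply) that a 2.4 client announcing NCP is treated as supporting `AES-256-GCM:AES-128-GCM` plus its own `--cipher`, that a 2.3/2.2 client without `--enable-small` tells the server its `--cipher`, and that an `--enable-small` build sends no cipher information at all, so only a matching fallback can rescue it.

```python
"""Model of OpenVPN 2.5 *server* data-channel cipher selection for the client
kinds on this page (added example; assumptions are marked in comments)."""
from dataclasses import dataclass
from typing import List, Optional, Tuple

DEFAULT_DATA_CIPHERS = ["AES-256-GCM", "AES-128-GCM"]   # 2.5 --data-ciphers default (from the page)
NCP_V2_CIPHERS = ["AES-256-GCM", "AES-128-GCM"]         # assumed list a 2.4 NCP client supports
LEGACY_DEFAULT_CIPHER = "BF-CBC"                        # --cipher default up to 2.4 (from the page)
WEAK_CIPHERS = {"BF-CBC"}


@dataclass
class Client:
    version: str                               # "2.5", "2.4", "2.3" or "2.2"
    data_ciphers: Optional[List[str]] = None   # 2.5 only: --data-ciphers (None = default list)
    cipher: Optional[str] = None               # 2.4 and older: --cipher (None = BF-CBC)
    enable_small: bool = False                 # 2.3/2.2 built with --enable-small


def client_offer(c: Client) -> Tuple[bool, List[str], Optional[str]]:
    """What the server learns: (supports NCP, NCP cipher list, client --cipher or None)."""
    if c.version == "2.5":
        # 2.5 negotiates straight from --data-ciphers and has no --cipher default.
        return True, list(c.data_ciphers or DEFAULT_DATA_CIPHERS), None
    legacy_cipher = c.cipher or LEGACY_DEFAULT_CIPHER
    if c.version == "2.4":
        # Assumption: a 2.4 NCP client counts as supporting the GCM pair plus its --cipher.
        return True, list(NCP_V2_CIPHERS), legacy_cipher
    # 2.3 and older: no NCP.  Assumption: --enable-small builds send no cipher name.
    return False, [], None if c.enable_small else legacy_cipher


def negotiate(server_data_ciphers: List[str], fallback: Optional[str], c: Client) -> Optional[str]:
    """Cipher the 2.5 server settles on, or None for 'Fail (no shared cipher)'."""
    ncp, peer_list, remote_cipher = client_offer(c)
    acceptable = set(peer_list)
    if remote_cipher:
        acceptable.add(remote_cipher)
    # Server preference wins: the first --data-ciphers entry the client can use.
    for alg in server_data_ciphers:
        if alg in acceptable:
            return alg
    if ncp or fallback is None:
        return None
    # Non-NCP client with nothing shared: --data-ciphers-fallback is the last resort,
    # and it only works when it equals the cipher the client is really configured with.
    actual = c.cipher or LEGACY_DEFAULT_CIPHER
    return fallback if fallback == actual else None


def verdict(alg: Optional[str]) -> str:
    """Map a selection onto the page's three outcomes."""
    if alg is None:
        return "Fail (no shared cipher)"
    if alg in WEAK_CIPHERS:
        return "Weak " + alg
    return "OK. " + alg


def audit(server_data_ciphers: List[str], fallback: Optional[str], fleet) -> List[Tuple[str, str]]:
    """Outcome per (label, Client) pair, e.g. for a change-control ticket."""
    return [(label, verdict(negotiate(server_data_ciphers, fallback, c))) for label, c in fleet]


if __name__ == "__main__":
    # Constructed fleet mirroring rows of the page's tables.
    FLEET = [
        ("2.5 default", Client("2.5")),
        ("2.5 data-ciphers AES-256-CBC", Client("2.5", data_ciphers=["AES-256-CBC"])),
        ("2.4 cipher BF-CBC", Client("2.4", cipher="BF-CBC")),
        ("2.3 default", Client("2.3")),
        ("2.3 cipher AES-256-CBC", Client("2.3", cipher="AES-256-CBC")),
        ("2.3 --enable-small default", Client("2.3", enable_small=True)),
    ]
    for label, result in audit(DEFAULT_DATA_CIPHERS, None, FLEET):
        print(f"{label:32} -> {result}")
```

Running the audit with the server's intended `--data-ciphers` shows which clients land on a weak cipher and which fail outright, so the usual answer on the page (upgrade the client) can be scheduled rather than discovered from failed connections.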