Bug 1479270 - New default cipher in OpenVPN
New default cipher in OpenVPN
Product: Fedora
Classification: Fedora
Component: Changes Tracking (Show other bugs)
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: David Sommerseth
ChangeAcceptedF27, SelfContainedChange
Depends On:
  Show dependency treegraph
Reported: 2017-08-08 04:42 EDT by Jan Kurik
Modified: 2017-08-15 04:07 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
Feature: Change of default cipher algorithm Reason: The current default cipher in OpenVPN uses BF-CBC (Blowfish) which is considered a very weak cipher these days, especially after the SWEET32 issue (https://sweet32.info/) which was publicised in 2016. Result: OpenVPN v2.4 supports a fairly simple negotiation of crypto parameters. This allows OpenVPN to let clients connect using independent cipher settings. This change will *only* affect OpenVPN servers using the openvpn-server@.service unit file. This change moves the default cipher to AES-256-GCM while keeping backwards compatibility to older clients not supporting GCM to connect using either BF-CBC, AES-128-CBC or AES-256-CBC. If --cipher is not provided in the client OpenVPN configuration file, BF-CBC will be used as the default. Those client configurations can be updated on a one-by-one approach to use at least --cipher AES-128-CBC or --cipher AES-256-CBC. For any clients running OpenVPN v2.4 or newer, they will by default switch to AES-256-GCM automatically regardless of the --cipher values. This behaviour can be overridden on the server side by changing/adding --cipher to the configuration file. The list of ciphers being allowed can be modified by changing/adding --ncp-ciphers.
Story Points: ---
Clone Of:
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
dazo: fedora_requires_release_note+

Attachments (Terms of Use)

  None (edit)
Description Jan Kurik 2017-08-08 04:42:10 EDT
This is a tracking bug for Change: New default cipher in OpenVPN
For more details, see: https://fedoraproject.org//wiki/Changes/New_default_cipher_in_OpenVPN

Since the discovery of the SWEET32 flaw, ciphers using cipher-blocks smaller than 128-bits are considered vulnerable and should not be used any more.  OpenVPN uses Blowfish (BF-128-CBC) as the default cipher, which is hit by the SWEET32 flaw.  This proposal changes the default cipher to AES-256-GCM while in parallel allowing clients to connect using AES-256-CBC, AES-128-CBC or the deprecated BF-CBC,
Comment 1 David Sommerseth 2017-08-08 06:16:19 EDT
This change is applied to openvpn-2.4.3-4.fc27 (master branch)

Comment 2 Jan Kurik 2017-08-15 04:07:10 EDT
This bug appears to have been reported against 'rawhide' during the Fedora 27 development cycle.
Changing version to '27'.

Note You need to log in before you can comment on or make changes to this bug.