Bug 1479270 - New default cipher in OpenVPN
New default cipher in OpenVPN
Product: Fedora
Classification: Fedora
Component: Changes Tracking (Show other bugs)
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: David Sommerseth
ChangeAcceptedF27, SelfContainedChange
Depends On:
  Show dependency treegraph
Reported: 2017-08-08 04:42 EDT by Jan Kurik
Modified: 2017-11-14 03:58 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
Feature: Change of default cipher algorithm Reason: The current default cipher in OpenVPN uses BF-CBC (Blowfish) which is considered a very weak cipher these days, especially after the SWEET32 issue (https://sweet32.info/) which was publicised in 2016. Result: OpenVPN v2.4 supports a fairly simple negotiation of crypto parameters. This allows OpenVPN to let clients connect using independent cipher settings. This change will *only* affect OpenVPN servers using the openvpn-server@.service unit file. This change moves the default cipher to AES-256-GCM while keeping backwards compatibility to older clients not supporting GCM to connect using either BF-CBC, AES-128-CBC or AES-256-CBC. If --cipher is not provided in the client OpenVPN configuration file, BF-CBC will be used as the default. Those client configurations can be updated on a one-by-one approach to use at least --cipher AES-128-CBC or --cipher AES-256-CBC. For any clients running OpenVPN v2.4 or newer, they will by default switch to AES-256-GCM automatically regardless of the --cipher values. This behaviour can be overridden on the server side by changing/adding --cipher to the configuration file. The list of ciphers being allowed can be modified by changing/adding --ncp-ciphers.
Story Points: ---
Clone Of:
Last Closed: 2017-11-14 03:58:41 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
dazo: fedora_requires_release_note+

Attachments (Terms of Use)

  None (edit)
Description Jan Kurik 2017-08-08 04:42:10 EDT
This is a tracking bug for Change: New default cipher in OpenVPN
For more details, see: https://fedoraproject.org//wiki/Changes/New_default_cipher_in_OpenVPN

Since the discovery of the SWEET32 flaw, ciphers using cipher-blocks smaller than 128-bits are considered vulnerable and should not be used any more.  OpenVPN uses Blowfish (BF-128-CBC) as the default cipher, which is hit by the SWEET32 flaw.  This proposal changes the default cipher to AES-256-GCM while in parallel allowing clients to connect using AES-256-CBC, AES-128-CBC or the deprecated BF-CBC,
Comment 1 David Sommerseth 2017-08-08 06:16:19 EDT
This change is applied to openvpn-2.4.3-4.fc27 (master branch)

Comment 2 Jan Kurik 2017-08-15 04:07:10 EDT
This bug appears to have been reported against 'rawhide' during the Fedora 27 development cycle.
Changing version to '27'.
Comment 3 Jan Kurik 2017-09-06 09:38:34 EDT
On 2017-Sep-05 we reached the "Change Checkpoint: 100% Code Complete Deadline" milestone for Fedora 27 release. At this point all the Changes not at least in "ON_QA" state should be brought to FESCo for review. Please update the state of this bug to "ON_QA" if it is already 100% completed. Please let me know in case you have any trouble with the implementation and the Change needs any help or review.

Thanks, Jan
Comment 4 David Sommerseth 2017-09-06 11:02:21 EDT
commit b931012953451b2614b5fdfa5afe3c1d47c42fe8
Author: David Sommerseth <dazo@eurephia.org>
Date:   Tue Jul 4 16:17:37 2017 +0200

    Change default cipher for server configurations to AES-GCM
    At the same time, utilize the Negotiable Crypto Parameters (NCP) feature
    in OpenVPN v2.4, which allows clients using the old BF-CBC default cipher
    to connect without any issues.
    F-27 Change request: https://fedoraproject.org/wiki/Changes/New_default_cipher_in_OpenVPN
    This change was approved in the FESCO meeting 2017-08-04.
    Also fix a truncated changelog entry for openvpn-2.4.3-1

$ git branch --contains b931012953451b2614b5fdfa5afe3c1d47c42fe8
* f27

Note You need to log in before you can comment on or make changes to this bug.