Ubuntu
openvpn package

openvpn has a poor choice of default cipher, and does not negotiate

Bug #1379132 reported by LaMont Jones
24
This bug affects 4 people
Affects Status Importance Assigned to Milestone
openvpn (Ubuntu)
Fix Released
Undecided
Unassigned
Xenial
Won't Fix
Medium
Unassigned

Bug Description

all versions

The default cipher for openvpn is BF-CBC (blowfish), which was likely once a good choice.

Virtually all modern hardware has hardware acceleration/support for AES instructions, and can therefore do AES-128-CBC far faster and more efficiently than it can blowfish.

Unfortunately, it also appears that openvpn doesn't negotiate the cipher at all, so it must match on both ends.

1) please enhance openvpn so that there is at least some negotiation (if the server specifies a cipher, and the client does not, then use the server's cipher)

2) change the default to be AES.

thanks,
lamont

Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in openvpn (Ubuntu):
status: New → Confirmed
Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

The default of a 16.04<->16.04 connection still is:
Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA

In bug 1567717 Seth tried to change defaults&supported ciphers for security reasones.
I mentioned this bug there - depending on how/what we change there we could at least easily address #2 of this bug to set the default to AES - maybe 256.

Revision history for this message
Seth Arnold (seth-arnold) wrote :

Wow, this is really depressing.

I don't know how openvpn does session key negotiation but unless they're careful they may wind up exposing aes-256's 2^99-level-security related-key attacks. aes-128 is probably fine for the control channel and doesn't have the same related-key issues.

Thanks

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

In the upstream issue 673 [1].
Upstream removed some ciphers and ordered the others by preference.

That is fixed in >=Yakkety then.

@Seth - do you think we want/need to backport that change to Xenial?

[1]: https://community.openvpn.net/openvpn/ticket/673

Changed in openvpn (Ubuntu):
status: Confirmed → Fix Released
Changed in openvpn (Ubuntu Xenial):
status: New → Confirmed
importance: Undecided → Medium
Revision history for this message
Athos Ribeiro (athos-ribeiro) wrote :

Setting Xenial to wontfix since it did reach its end of standard support period.

Changed in openvpn (Ubuntu Xenial):
status: Confirmed → Won't Fix
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.