openvpn has a poor choice of default cipher, and does not negotiate
Bug #1379132 reported by LaMont Jones
This bug affects 4 people
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
openvpn (Ubuntu) | Fix Released | Undecided | Unassigned |
Xenial | Won't Fix | Medium | Unassigned |
Bug Description
all versions
The default cipher for openvpn is BF-CBC (Blowfish), which was likely once a good choice.
Virtually all modern hardware has hardware acceleration/
Unfortunately, it also appears that openvpn doesn't negotiate the cipher at all, so it must match on both ends.
1) please enhance openvpn so that there is at least some negotiation (if the server specifies a cipher, and the client does not, then use the server's cipher)
2) change the default to be AES.
thanks,
lamont
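An added example, not part of the bug report and not OpenVPN's own code: a small Python audit that works out the effective cipher of a server and a client config, flags an end that relies on the BF-CBC default, and flags a mismatch between the two ends. The function names, the sample configs, the `AES-256-CBC` value and the host `vpn.example.com` are constructed for illustration; it assumes the BF-CBC default described in the report and that a later `cipher` line overrides an earlier one.

```python
import re
DEFAULT_CIPHER = "BF-CBC"  # fallback named in the report; assumed for this audit

def effective_cipher(config_text):
    """Return (cipher, explicit) for the text of one OpenVPN config file."""
    cipher, inline_tag = None, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if inline_tag:  # inside an inline block such as <ca>...</ca>: skip its data
            if line == f"</{inline_tag}>":
                inline_tag = None
            continue
        opened = re.fullmatch(r"<([A-Za-z0-9_-]+)>", line)
        if opened:
            inline_tag = opened.group(1)
            continue
        if not line or line[0] in "#;":  # blank line or comment
            continue
        words = line.split()
        if words[0].lstrip("-") == "cipher" and len(words) > 1:
            cipher = words[1].upper()  # assumption: a later line overrides an earlier one
    return (cipher or DEFAULT_CIPHER, cipher is not None)

def audit(server_text, client_text):
    """Return findings for a server/client pair that must agree without negotiation."""
    ends = {"server": effective_cipher(server_text), "client": effective_cipher(client_text)}
    findings = []
    for name, (cipher, explicit) in ends.items():
        if cipher == DEFAULT_CIPHER:
            how = "explicitly set" if explicit else "no cipher directive, implicit default"
            findings.append(f"{name}: {how} -> {DEFAULT_CIPHER}")
    if ends["server"][0] != ends["client"][0]:
        findings.append(f"mismatch: server={ends['server'][0]} client={ends['client'][0]}")
    return findings

SERVER = """# constructed server config
port 1194
cipher AES-256-CBC
<ca>
cipher BF-CBC  (constructed filler inside an inline block; must be ignored)
</ca>
"""
CLIENT = """; constructed client config
client
remote vpn.example.com 1194
"""

if __name__ == "__main__":
    print("\n".join(audit(SERVER, CLIENT)))
```
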
Status changed to 'Confirmed' because the bug affects multiple users.