Hi,

On Thu, May 5, 2016 at 12:26 PM, Shubham Chauhan
<shubham13...@iiitd.ac.in> wrote:
> I had a doubt about the cipher none config in OpenVPN.
> I realized that OpenVPN initiates an SSL handshake, even if I choose not to
> use any encryption-decryption operations through the cipher none config. It
> chooses a particular cipher in the handshake as well.
>
> Is it supposed to happen this way?

Yes.

> If yes then why does this exactly happen?

OpenVPN uses TLS to create the 'control channel', over which keys for
the data channel are negotiated and network configuration is pushed to
clients.

> What is the significance of the SSL/TLS handshake and negotiating a session,
> if I am not using any encryption?

Disabling crypto is possible, but not what OpenVPN was designed for.
Also, disabling encryption (using --cipher) does not disable
authentication (--auth) either. If you want to control the TLS crypto,
use --tls-cipher. Note however that the TLS control channel is only
used for configuration, so disabling the crypto there won't give you a
faster VPN connection.

-Steffan
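
Added example, not part of the original message and not OpenVPN's own code: a small Python check that reads an OpenVPN config and reports which channel `cipher`, `auth` and `tls-cipher` each affect, as described in the reply above. The sample config, the host name and the function names are constructed for illustration, and the parser is simplified (quoting is not handled).

```python
# Added example (not from the original message). SAMPLE_CONFIG is constructed.
SAMPLE_CONFIG = """\
client
dev tun
remote vpn.example.net 1194   # placeholder host
cipher none                   ; data channel encryption off
auth SHA256
tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
"""

TLS_MODE = {"client", "server", "tls-client", "tls-server"}  # options that enable TLS mode

def parse_options(text):
    """Map option name -> argument list. Simplified: quoting is not handled."""
    opts = {}
    for line in text.splitlines():
        tokens = []
        for tok in line.split():
            if tok[0] in "#;":      # a token starting with # or ; begins a comment
                break
            tokens.append(tok)
        if tokens:
            name = tokens[0][2:] if tokens[0].startswith("--") else tokens[0]
            opts[name] = tokens[1:]
    return opts

def channel_report(text):
    """Say what each channel still does, using only cipher, auth and tls-cipher."""
    opts = parse_options(text)
    first = lambda name: (opts.get(name) or [None])[0]
    report = {
        "control_channel_tls": bool(TLS_MODE & opts.keys()),
        "tls_cipher_list": first("tls-cipher"),       # None: no explicit list set
        "data_encrypted": first("cipher") != "none",  # unset: OpenVPN default cipher
        "data_authenticated": first("auth") != "none",
    }
    findings = []
    if not report["data_encrypted"]:
        findings.append("cipher none: tunnel payload is sent unencrypted")
        if report["control_channel_tls"]:
            findings.append("TLS handshake still runs for the control channel")
    if not report["data_authenticated"]:
        findings.append("auth none: data channel packets are not authenticated")
    report["findings"] = findings
    return report

if __name__ == "__main__":
    for key, val in channel_report(SAMPLE_CONFIG).items():
        print(f"{key}: {val}")
```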
