Hi, On Sat, Jun 16, 2018 at 12:29:27AM +0300, Alex K wrote: > Hi all, > > I have a server/client setup where I have set the following directive at > server and client: > > cipher AES-128-CBC > > When establishing VPN at client logs I see: > > Fri Jun 15 17:25:22 2018 Data Channel Encrypt: *Cipher 'AES-256-GCM' > *initialized > with 256 bit key [..] > The log indicates that Cipher AES-256-GCM is used. Am i missing sth? Is > this expected?
cipher-negotiation decided that something "better" is available :-)
The manpage mentions this in the --cipher section:
--cipher alg
Encrypt data channel packets with cipher algorithm alg.
The default is BF-CBC, an abbreviation for Blowfish in Cipher
Block Chaining mode. When cipher negotiation (NCP) is allowed,
OpenVPN 2.4 and newer on both client and server side will auto-
matically upgrade to AES-256-GCM. See --ncp-ciphers and
--ncp-disable for more details on NCP.
So, if you do not want that, configure --ncp-disable on either end.
gert
--
"If was one thing all people took for granted, was conviction that if you
feed honest figures into a computer, honest figures come out. Never doubted
it myself till I met a computer with a sense of humor."
Robert A. Heinlein, The Moon is a Harsh Mistress
Gert Doering - Munich, Germany g...@greenie.muc.de
signature.asc
Description: PGP signature
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
