Hi,

On Sat, Jun 16, 2018 at 12:29:27AM +0300, Alex K wrote:
> Hi all,
>
> I have a server/client setup where I have set the following directive at
> server and client:
>
> cipher AES-128-CBC
>
> When establishing VPN at client logs I see:
>
> Fri Jun 15 17:25:22 2018 Data Channel Encrypt: *Cipher 'AES-256-GCM' *initialized with 256 bit key
[..]
> The log indicates that Cipher AES-256-GCM is used. Am I missing sth? Is
> this expected?

cipher-negotiation decided that something "better" is available :-)

The manpage mentions this in the --cipher section:

       --cipher alg
              Encrypt data channel packets with cipher algorithm alg.

              The default is BF-CBC, an abbreviation for Blowfish in
              Cipher Block Chaining mode. When cipher negotiation (NCP)
              is allowed, OpenVPN 2.4 and newer on both client and server
              side will automatically upgrade to AES-256-GCM. See
              --ncp-ciphers and --ncp-disable for more details on NCP.

So, if you do not want that, configure --ncp-disable on either end.

gert
--
"If was one thing all people took for granted, was conviction that if you
 feed honest figures into a computer, honest figures come out. Never doubted
 it myself till I met a computer with a sense of humor."
                             Robert A. Heinlein, The Moon is a Harsh Mistress

Gert Doering - Munich, Germany                             g...@greenie.muc.de
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
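
An added example, not part of the original message or of OpenVPN's own code: a small Python check that compares the `cipher` directive in a config with the cipher the log reports as initialized, and says whether NCP explains a mismatch. The config text, the "Decrypt" log line and the names `parse_config` and `audit` are constructed for illustration.

```python
import re
from itertools import takewhile

# Constructed sample inputs modelled on the thread (not captured from a real host).
SAMPLE_CONFIG = "dev tun\ncipher AES-128-CBC   # what the admin asked for\n"
SAMPLE_LOG = (
    "Fri Jun 15 17:25:22 2018 Data Channel Encrypt: Cipher 'AES-256-GCM' initialized with 256 bit key\n"
    "Fri Jun 15 17:25:22 2018 Data Channel Decrypt: Cipher 'AES-256-GCM' initialized with 256 bit key\n"
)

CIPHER_LOG_RE = re.compile(r"Data Channel (Encrypt|Decrypt): Cipher '([^']+)' initialized")


def parse_config(text):
    """Extract the data-channel cipher settings from OpenVPN config text."""
    # BF-CBC is the --cipher default quoted from the manpage in the thread.
    cfg = {"cipher": "BF-CBC", "ncp_disable": False, "ncp_ciphers": None}
    for raw in text.splitlines():
        # Drop everything from the first token that starts a comment.
        tokens = list(takewhile(lambda t: t[0] not in "#;", raw.split()))
        if not tokens:
            continue
        key = tokens[0].lstrip("-").lower()
        if key == "cipher" and len(tokens) > 1:
            cfg["cipher"] = tokens[1].upper()
        elif key == "ncp-disable":
            cfg["ncp_disable"] = True
        elif key == "ncp-ciphers" and len(tokens) > 1:
            cfg["ncp_ciphers"] = tokens[1].upper().split(":")
    return cfg


def audit(config_text, log_text):
    """Return (direction, configured, actual, status) for each cipher log line."""
    cfg = parse_config(config_text)
    findings = []
    for direction, cipher in CIPHER_LOG_RE.findall(log_text):
        cipher = cipher.upper()
        if cipher == cfg["cipher"]:
            status = "matches-config"
        elif cfg["ncp_disable"] or (cfg["ncp_ciphers"] and cipher not in cfg["ncp_ciphers"]):
            status = "unexpected"  # NCP cannot explain this cipher; investigate
        else:
            status = "ncp-negotiated"  # differs from --cipher because NCP picked it
        findings.append((direction, cfg["cipher"], cipher, status))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG, SAMPLE_LOG):
        print(finding)
```

A status of `ncp-negotiated` corresponds to the situation in the thread; `unexpected` means the local config rules NCP out (or restricts it to other ciphers) and the running config or the peer should be checked.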