Thank you David for the thorough answer. I will try and perform some tests
and will post results here when done.
Thanx,
Alex
On Sun, Jun 17, 2018, 02:18 David Sommerseth <
open...@sf.lists.topphemmelig.net> wrote:
> On 17/06/18 00:07, Alex K wrote:
> >
> >
> > On Sat, Jun 16, 2018 at 12:58 PM, Gert Doering <g...@greenie.muc.de
> > <mailto:g...@greenie.muc.de>> wrote:
> >
> > Hi,
> >
> > On Sat, Jun 16, 2018 at 12:29:27AM +0300, Alex K wrote:
> > > Hi all,
> > >
> > > I have a server/client setup where I have set the following
> directive at
> > > server and client:
> > >
> > > cipher AES-128-CBC
> > >
> > > When establishing VPN at client logs I see:
> > >
> > > Fri Jun 15 17:25:22 2018 Data Channel Encrypt: *Cipher
> 'AES-256-GCM'
> > > *initialized
> > > with 256 bit key
> > [..]
> > > The log indicates that Cipher AES-256-GCM is used. Am i missing
> sth? Is
> > > this expected?
> >
> > cipher-negotiation decided that something "better" is available :-)
> >
> >
> > Is it AES-128-CBC insecure? I was thinking to use it to reduce the
> > encapsulation overhead and perhaps the CPU utilization that AES-256-GCM
> might
> > incur.
> > I am running VPN clients on small devices.
>
> No, AES-128-CBC is still reasonable. AES-256 is a bit better if
> considering a
> post-quantum scenario (the crypto geeks can provide better details here).
>
> The advantage GCM has over CBC is that authentication happens in the same
> crypto operation as the decryption. While CBC needs to have decryption and
> authentication as two separate steps, which is more costly CPU wise. The
> network packet payload is also a bit smaller per packet with GCM.
> Compared to
> --auth SHA1, I believe the packet size is 8 bytes smaller, and even more if
> using --auth SHA256.
>
> Small devices might not be too bad at AES-GCM ciphers as it used to be
> though;
> it depends on what kind hardware generation it is and if the SSL library
> can
> utilize the hardware acceleration. I've heard that more and more mobile
> phones these days do have AES hardware support (often as an additional
> "support CPU"), but even some ARM Cortex (ARMv8) has the possibility for
> AES
> built into the CPU as well.
>
> But generally, I would advice you to run some thorough performance tests
> before deciding if CBC or GCM is better for you.
>
>
> --
> kind regards,
>
> David Sommerseth
> OpenVPN Inc
>
>
>
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
