Wow, this is really depressing. I don't know how openvpn does session key negotiation but unless they're careful they may wind up exposing aes-256's 2^99-level-security related- key attacks. aes-128 is probably fine for the control channel and doesn't have the same related-key issues.
Thanks -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1379132 Title: openvpn has a poor choice of default cipher, and does not negotiate To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/1379132/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
