
Default server config contains enabled deprecated option `cipher`

Open TJNII opened this issue 1 year ago • 3 comments

Describe the bug

The default server config contains `cipher AES-256-CBC` uncommented: https://github.com/OpenVPN/openvpn/blob/master/sample/sample-config-files/server.conf#L252

On start:

2024-03-03 00:51:30 us=398513 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305). OpenVPN ignores --cipher for cipher negotiations.

https://community.openvpn.net/openvpn/wiki/DeprecatedOptions#Policy:Migrateawayfromdeprecatedciphers.Status:Inprogress

This example needs to be updated or removed. Thanks.

TJNII, Mar 03 '24 01:03
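A check for the condition the warning above reports, as an added example that is not part of the original issue or of the OpenVPN project's code: it flags a `cipher` value that is missing from `data-ciphers`. The function names and the sample config are constructed for illustration, and the default list is an assumption copied from the log line quoted in the issue.

```python
import shlex

# Default list copied from the warning quoted in the issue (assumption:
# other OpenVPN builds may report a different default).
DEFAULT_DATA_CIPHERS = ("AES-256-GCM", "AES-128-GCM", "CHACHA20-POLY1305")

# Constructed sample, not the project's server.conf.
SAMPLE_SERVER_CONF = """\
port 1194
proto udp
;cipher AES-128-GCM
cipher AES-256-CBC  # active directive
"""


def parse_directives(config_text):
    """Yield (line_no, name, args) for every active directive."""
    for line_no, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line[0] in "#;":  # blank line or comment
            continue
        try:
            tokens = shlex.split(line, comments=True)
        except ValueError:  # unbalanced quote: fall back to plain split
            tokens = line.split()
        if tokens:
            yield line_no, tokens[0].lstrip("-"), tokens[1:]


def check_cipher(config_text, default_data_ciphers=DEFAULT_DATA_CIPHERS):
    """Return findings for a 'cipher' value absent from 'data-ciphers'."""
    cipher, data_ciphers = None, None
    for line_no, name, args in parse_directives(config_text):
        if name == "cipher" and args:
            cipher = (line_no, args[0].upper())
        elif name == "data-ciphers" and args:
            data_ciphers = [c.upper() for c in args[0].split(":") if c]
    if cipher is None:
        return []
    effective = data_ciphers if data_ciphers is not None else list(default_data_ciphers)
    line_no, value = cipher
    if value in effective:
        return []
    return [f"line {line_no}: cipher {value} missing in data-ciphers "
            f"({':'.join(effective)})"]


if __name__ == "__main__":
    for finding in check_cipher(SAMPLE_SERVER_CONF):
        print(finding)
```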

This client setting also looks suspicious; I haven't tested this one: https://github.com/OpenVPN/openvpn/blob/master/sample/sample-config-files/client.conf#L116

TJNII, Mar 03 '24 01:03

Good catch. It will work but is not setting a suitable example for what people should be using. We'll deal with it :-)

cron2, Mar 03 '24 08:03

Work-in-progress patch here: https://gerrit.openvpn.net/c/openvpn/+/532

flichtenheld, Mar 04 '24 13:03