[Ach] OpenVPN

L. Aaron Kaplan kaplan at cert.at
Mon Nov 25 20:13:24 CET 2013


On Nov 25, 2013, at 8:06 PM, christian mock <cm at coretec.at> wrote:

> On Fri, Nov 22, 2013 at 09:54:36AM +0100, David Durvaux wrote:
> 
>> I push to the GIT a small draft of the OpenVPN section as Christian will take the section.
>> I basically just wrote down how to pick up the correct traffic ciphering algorithm.
> 
> Looks like most of the work has been done, thanks!

Well, I am still missing the info that 
> 
> One question: you list
> 
> tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA
             ^^^^ this

is just used for the control channel and not for the actual stream.

> 
> Is your openvpn built with gnutls?
With openssl 

> Because mine (Debian Wheezy) shows
> the openssl names with --list-tls (e.g. DHE-RSA-AES256-SHA)...
> 
Weird. Mine says:

# /usr/sbin/openvpn --show-tls
Available TLS Ciphers,
listed in order of preference:

TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384
TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384
TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384
TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384
TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA
TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA
TLS-SRP-SHA-DSS-WITH-AES-256-CBC-SHA
TLS-SRP-SHA-RSA-WITH-AES-256-CBC-SHA
TLS-DHE-DSS-WITH-AES-256-GCM-SHA384

(...)

Which version of openvpn do you use?

BTW: mine does not understand --list-tls, only --show-tls

a.

> cm.
> 
> -- 
> Christian Mock                          Wiedner Hauptstr. 15
> Senior Security Engineer                1040 Wien
> CoreTEC IT Security Solutions GmbH      +43-1-5037273
> FN 214709 z
> 
> .-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.
> CoreTEC: Web Application Audit - So that something like this does not happen!
> 
> http://heise.de/-1260559
> 
> .-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.

--- 
// L. Aaron Kaplan <kaplan at cert.at> - T: +43 1 5056416 78
// CERT Austria - http://www.cert.at/
// An initiative of nic.at GmbH - http://www.nic.at/
// Company register number 172568b, LG Salzburg
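
As an added example (not part of the original message, and not OpenVPN project code): a small Python check for the point made above that `tls-cipher` covers only the control channel. It classifies each `tls-cipher` entry by naming style (the IANA-style names printed by `--show-tls` versus OpenSSL names such as DHE-RSA-AES256-SHA) and reports whether the data-channel directives `cipher` and `auth` are set. The sample config and all function names are constructed for illustration.

```python
import shlex

# Constructed sample config (not from the thread): it pins the TLS control
# channel but never sets the data-channel directives.
SAMPLE_CONF = """\
# server.conf (constructed sample)
port 1194
proto udp
tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA:DHE-RSA-AES256-SHA
; cipher AES-256-CBC
"""

DATA = ("cipher", "auth")  # directives that protect the tunnelled packets


def parse_directives(text):
    """Return {directive: [args]} for an OpenVPN config, skipping comments."""
    found = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":  # both comment markers OpenVPN accepts
            continue
        parts = shlex.split(line, comments=True)
        if parts:
            # Tolerate the command-line spelling ("--cipher") inside a config file.
            found[parts[0].lstrip("-")] = parts[1:]
    return found


def name_style(suite):
    """Classify a tls-cipher entry as IANA-style or OpenSSL-style naming."""
    return "iana" if suite.startswith("TLS-") and "-WITH-" in suite else "openssl"


def audit(text):
    """Summarise control-channel suites and list unset data-channel directives."""
    conf = parse_directives(text)
    suites = (conf.get("tls-cipher") or [""])[0].split(":")
    return {
        "control_suites": [(s, name_style(s)) for s in suites if s],
        "data_channel_unset": [d for d in DATA if d not in conf],
    }


if __name__ == "__main__":
    print(audit(SAMPLE_CONF))
```

A non-empty `data_channel_unset` means the tunnel traffic falls back to the build's defaults, however strict the `tls-cipher` list is.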



