[Ach] OpenVPN
christian mock
cm at coretec.at
Mon Nov 25 20:52:30 CET 2013
On Mon, Nov 25, 2013 at 08:13:24PM +0100, L. Aaron Kaplan wrote:
> > tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA
> ^^^^ this
>
> is just used for the control channel and not for the actual stream.
noted.
> > Is your openvpn built with gnutls?
> With openssl
>
> > Because mine (Debian Wheezy) shows
> > the openssl names with --list-tls (e.g. DHE-RSA-AES256-SHA)...
> >
> wierd. Mine says:
>
> # /usr/sbin/openvpn --show-tls
> Available TLS Ciphers,
> listed in order of preference:
>
> TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384
[...]
> Which version of openvpn du you use?
$ openvpn --version
OpenVPN 2.2.1 x86_64-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Jun 18 2013
Originally developed by James Yonan
Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales at openvpn.net>
$ ./configure --build=x86_64-linux-gnu --prefix=/usr --includedir=${prefix}/include --mandir=${prefix}/share/man --infodir=${prefix}/share/info --sysconfdir=/etc --localstatedir=/var --libexecdir=${prefix}/lib/openvpn --disable-maintainer-mode --disable-dependency-tracking CFLAGS=-g -O2 -fPIE -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security CPPFLAGS=-D_FORTIFY_SOURCE=2 CXXFLAGS=-g -O2 -fPIE -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security FFLAGS=-g -O2 LDFLAGS=-fPIE -pie -Wl,-z,relro -Wl,-z,now --enable-password-save --host=x86_64-linux-gnu --build=x86_64-linux-gnu --prefix=/usr --mandir=${prefix}/share/man --with-ifconfig-path=/sbin/ifconfig --with-route-path=/sbin/route
Compile time defines: ENABLE_CLIENT_SERVER ENABLE_DEBUG ENABLE_EUREPHIA ENABLE_FRAGMENT ENABLE_HTTP_PROXY ENABLE_MANAGEMENT ENABLE_MULTIHOME ENABLE_PASSWORD_SAVE ENABLE_PORT_SHARE ENABLE_SOCKS USE_CRYPTO USE_LIBDL USE_LZO USE_PF_INET6 USE_PKCS11 USE_SSL
> BTW: mine does not understand --list-tls, only --show-tls
that was a typo, it's --show-tls.
>
> a.
>
> > cm.
> >
> > --
> > Christian Mock Wiedner Hauptstr. 15
> > Senior Security Engineer 1040 Wien
> > CoreTEC IT Security Solutions GmbH +43-1-5037273
> > FN 214709 z
> >
> > .-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.
> > CoreTEC: Web Application Audit - Damit so etwas nicht passiert!
> >
> > http://heise.de/-1260559
> >
> > .-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.
> > _______________________________________________
> > Ach mailing list
> > Ach at lists.cert.at
> > http://lists.cert.at/cgi-bin/mailman/listinfo/ach
>
> ---
> // L. Aaron Kaplan <kaplan at cert.at> - T: +43 1 5056416 78
> // CERT Austria - http://www.cert.at/
> // Eine Initiative der nic.at GmbH - http://www.nic.at/
> // Firmenbuchnummer 172568b, LG Salzburg
>
>
>
>
--
Christian Mock Wiedner Hauptstr. 15
Senior Security Engineer 1040 Wien
CoreTEC IT Security Solutions GmbH +43-1-5037273
FN 214709 z
.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.
CoreTEC: Web Application Audit - Damit so etwas nicht passiert!
http://heise.de/-1260559
.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.
More information about the Ach
mailing list