[Ach] OpenVPN

christian mock cm at coretec.at
Mon Nov 25 20:52:30 CET 2013


On Mon, Nov 25, 2013 at 08:13:24PM +0100, L. Aaron Kaplan wrote:

> > tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA
>              ^^^^ this
> 
> is just used for the control channel and not for the actual stream.

noted.

> > Is your openvpn built with gnutls?
> With openssl 
> 
> > Because mine (Debian Wheezy) shows
> > the openssl names with --list-tls (e.g. DHE-RSA-AES256-SHA)...
> > 
> weird. Mine says:
> 
> # /usr/sbin/openvpn --show-tls
> Available TLS Ciphers,
> listed in order of preference:
> 
> TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384
[...]
> Which version of openvpn do you use?

$ openvpn --version
OpenVPN 2.2.1 x86_64-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Jun 18 2013
Originally developed by James Yonan
Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales at openvpn.net>

  $ ./configure --build=x86_64-linux-gnu --prefix=/usr --includedir=${prefix}/include --mandir=${prefix}/share/man --infodir=${prefix}/share/info --sysconfdir=/etc --localstatedir=/var --libexecdir=${prefix}/lib/openvpn --disable-maintainer-mode --disable-dependency-tracking CFLAGS=-g -O2 -fPIE -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security CPPFLAGS=-D_FORTIFY_SOURCE=2 CXXFLAGS=-g -O2 -fPIE -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security FFLAGS=-g -O2 LDFLAGS=-fPIE -pie -Wl,-z,relro -Wl,-z,now --enable-password-save --host=x86_64-linux-gnu --build=x86_64-linux-gnu --prefix=/usr --mandir=${prefix}/share/man --with-ifconfig-path=/sbin/ifconfig --with-route-path=/sbin/route

Compile time defines:  ENABLE_CLIENT_SERVER ENABLE_DEBUG ENABLE_EUREPHIA ENABLE_FRAGMENT ENABLE_HTTP_PROXY ENABLE_MANAGEMENT ENABLE_MULTIHOME ENABLE_PASSWORD_SAVE ENABLE_PORT_SHARE ENABLE_SOCKS USE_CRYPTO USE_LIBDL USE_LZO USE_PF_INET6 USE_PKCS11 USE_SSL


> BTW: mine does not understand --list-tls, only --show-tls

that was a typo, it's --show-tls.

> 
> a.
> 
> > cm.
> > 
> > -- 
> > Christian Mock                          Wiedner Hauptstr. 15
> > Senior Security Engineer                1040 Wien
> > CoreTEC IT Security Solutions GmbH      +43-1-5037273
> > FN 214709 z
> > 
> > .-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.
> > CoreTEC: Web Application Audit - So that something like this doesn't happen!
> > 
> > http://heise.de/-1260559
> > 
> > .-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.
> > _______________________________________________
> > Ach mailing list
> > Ach at lists.cert.at
> > http://lists.cert.at/cgi-bin/mailman/listinfo/ach
> 
> --- 
> // L. Aaron Kaplan <kaplan at cert.at> - T: +43 1 5056416 78
> // CERT Austria - http://www.cert.at/
> // An initiative of nic.at GmbH - http://www.nic.at/
> // Company register number 172568b, LG Salzburg
> 
> 
> 
> 



-- 
Christian Mock                          Wiedner Hauptstr. 15
Senior Security Engineer                1040 Wien
CoreTEC IT Security Solutions GmbH      +43-1-5037273
FN 214709 z

.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.
CoreTEC: Web Application Audit - So that something like this doesn't happen!

http://heise.de/-1260559

.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.
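
Added example, not part of the original message: a shell check that compares the tls-cipher names in an OpenVPN config with a saved copy of the local `openvpn --show-tls` output, reports which naming convention each name follows, and shows the data-channel `cipher` directive separately. The function names are hypothetical, and the sample config and cipher list are constructed.

```shell
#!/bin/sh
# Added example: lint an OpenVPN config against saved `openvpn --show-tls` output.

# Naming convention of a suite: IANA-style (TLS-...-WITH-...) or OpenSSL-style.
naming_style() {
    case "$1" in
        TLS-*-WITH-*) echo iana ;;
        *)            echo openssl ;;
    esac
}

# tls-cipher is a colon-separated list and governs the control channel only.
config_tls_ciphers() { awk '$1 == "tls-cipher" { print $2 }' "$1" | tr ':' '\n'; }

# The data channel is set by the separate `cipher` directive.
data_channel_cipher() { awk '$1 == "cipher" { print $2 }' "$1"; }

# $1 = config file, $2 = saved --show-tls output.
# Prints "name style status" per suite; returns 1 if any name is not listed.
check_tls_cipher() {
    missing=0
    for name in $(config_tls_ciphers "$1"); do
        if awk -v n="$name" '$1 == n { f = 1 } END { exit !f }' "$2"; then
            status=listed
        else
            status=not-listed; missing=1
        fi
        echo "$name $(naming_style "$name") $status"
    done
    return "$missing"
}

# Constructed sample data: a build that lists IANA-style names, and a config
# that mixes both conventions.
demo() {
    tmp=$(mktemp -d) || return 2
    printf '%s\n' 'Available TLS Ciphers,' 'listed in order of preference:' '' \
        'TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384' \
        'TLS-DHE-RSA-WITH-AES-256-CBC-SHA' > "$tmp/show-tls.txt"
    printf '%s\n' 'cipher AES-256-CBC' \
        'tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA:DHE-RSA-AES256-SHA' > "$tmp/client.conf"
    echo "data channel: $(data_channel_cipher "$tmp/client.conf")"
    check_tls_cipher "$tmp/client.conf" "$tmp/show-tls.txt"; rc=$?
    rm -rf "$tmp"
    return "$rc"
}

demo || echo "tls-cipher contains names this build does not list"
```

For a real check, save the output of `openvpn --show-tls` from the machine in question to a file and pass it as the second argument to `check_tls_cipher`.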


