[Ach] OpenVPN
L. Aaron Kaplan
kaplan at cert.at
Mon Nov 25 20:13:24 CET 2013
On Nov 25, 2013, at 8:06 PM, christian mock <cm at coretec.at> wrote:
> On Fri, Nov 22, 2013 at 09:54:36AM +0100, David Durvaux wrote:
>
>> I push to the GIT a small draft of the OpenVPN section as Christian will take the section.
>> I basically just wrote down how to pick up the correct traffic ciphering algorithm.
>
> Looks like most of the work has been done, thanks!
Well, I am still missing the info that
>
> One question: you list
>
> tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA
^^^^ this
is just used for the control channel and not for the actual stream.
>
> Is your openvpn built with gnutls?
With openssl
> Because mine (Debian Wheezy) shows
> the openssl names with --list-tls (e.g. DHE-RSA-AES256-SHA)...
>
Weird. Mine says:
# /usr/sbin/openvpn --show-tls
Available TLS Ciphers,
listed in order of preference:
TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384
TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384
TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384
TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384
TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA
TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA
TLS-SRP-SHA-DSS-WITH-AES-256-CBC-SHA
TLS-SRP-SHA-RSA-WITH-AES-256-CBC-SHA
TLS-DHE-DSS-WITH-AES-256-GCM-SHA384
(...)
Which version of openvpn do you use?
BTW: mine does not understand --list-tls, only --show-tls
a.
> cm.
>
> --
> Christian Mock Wiedner Hauptstr. 15
> Senior Security Engineer 1040 Wien
> CoreTEC IT Security Solutions GmbH +43-1-5037273
> FN 214709 z
>
> .-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.
> CoreTEC: Web Application Audit - So that something like this doesn't happen!
>
> http://heise.de/-1260559
>
> .-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.
> _______________________________________________
> Ach mailing list
> Ach at lists.cert.at
> http://lists.cert.at/cgi-bin/mailman/listinfo/ach
---
// L. Aaron Kaplan <kaplan at cert.at> - T: +43 1 5056416 78
// CERT Austria - http://www.cert.at/
// An initiative of nic.at GmbH - http://www.nic.at/
// Company register number 172568b, Salzburg Regional Court
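
Added example, not part of the original message or of the draft under discussion: a small checker for the two points raised in this thread, namely that `tls-cipher` only covers the control channel (the data channel is set with `cipher`/`auth`) and that cipher suite names come in two styles (`TLS-...-WITH-...` versus OpenSSL names such as `DHE-RSA-AES256-SHA`). The sample config, function names and finding texts are constructed for illustration.

```python
import re

# Constructed sample config; only the tls-cipher value is taken from the thread.
SAMPLE_CONF = """\
dev tun
proto udp
tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA   # control channel only
"""

# Which channel each OpenVPN directive governs.
CHANNEL = {
    "tls-cipher": "control channel (TLS handshake and key exchange)",
    "cipher": "data channel (encryption of tunnelled packets)",
    "auth": "data channel (HMAC of tunnelled packets)",
}

IANA_STYLE = re.compile(r"^TLS-[A-Z0-9-]+-WITH-[A-Z0-9-]+$")


def name_style(suite):
    """Classify one tls-cipher entry by its naming convention."""
    return "iana" if IANA_STYLE.match(suite) else "openssl"


def audit(conf_text):
    """Return (settings, findings) for the cipher-related directives."""
    settings = {}
    for raw in conf_text.splitlines():
        # '#' and ';' start a comment in an OpenVPN config file.
        parts = re.split(r"[#;]", raw, maxsplit=1)[0].split()
        if len(parts) >= 2 and parts[0] in CHANNEL:
            settings[parts[0]] = parts[1]
    findings = []
    if "tls-cipher" in settings:
        # tls-cipher takes a colon-separated list of suites.
        styles = {name_style(s) for s in settings["tls-cipher"].split(":")}
        if len(styles) > 1:
            findings.append("tls-cipher mixes IANA and OpenSSL names")
        if "cipher" not in settings:
            findings.append("tls-cipher set but no cipher: data channel left at default")
    return settings, findings


if __name__ == "__main__":
    found, problems = audit(SAMPLE_CONF)
    for key, value in found.items():
        print(f"{key} {value} -> {CHANNEL[key]}")
    for problem in problems:
        print("FINDING:", problem)
```

Which naming style a given binary accepts is what `openvpn --show-tls` prints, as in the output above.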