#6908 Changes/New default cipher in OpenVPN
Closed: Fixed 7 years ago Opened 7 years ago by jreznik.

Since the discovery of the SWEET32 flaw, ciphers using cipher blocks smaller than 128 bits are considered vulnerable and should not be used any more. OpenVPN uses Blowfish (BF-128-CBC) as the default cipher, which is hit by the SWEET32 flaw. This proposal changes the default cipher to AES-256-GCM while in parallel allowing clients to connect using AES-256-CBC, AES-128-CBC or the deprecated BF-CBC,

This proposal will make use of that possibility by modifying the openvpn-server@.service unit file slightly.

Change page for review: https://fedoraproject.org/wiki/Changes/New_default_cipher_in_OpenVPN
Owner: @dsommers
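
An added example, not part of the ticket or the Fedora change: a small audit that flags 64-bit-block ciphers in an OpenVPN configuration, including the case where no `cipher` line is present and the Blowfish default described above applies. It assumes OpenVPN 2.4's `ncp-ciphers` directive for the negotiable list (the ticket does not name the option), and the sample configs are constructed.

```python
import re

# Cipher name prefixes with a 64-bit block, the class SWEET32 applies to.
SMALL_BLOCK = re.compile(r"^(BF|DES|DESX|CAST5|RC2|IDEA)(-|$)", re.IGNORECASE)


def audit(config_text):
    """Return (line_no, directive, cipher) for every small-block cipher in use."""
    findings = []
    saw_cipher = False
    for line_no, raw in enumerate(config_text.splitlines(), start=1):
        # OpenVPN config comments start with '#' or ';'
        line = re.split(r"[#;]", raw, maxsplit=1)[0].strip()
        if not line:
            continue
        parts = line.split()
        directive = parts[0].lstrip("-").lower()
        if directive == "cipher" and len(parts) > 1:
            saw_cipher = True
            names = [parts[1]]
        elif directive == "ncp-ciphers" and len(parts) > 1:
            names = parts[1].split(":")
        else:
            continue
        findings += [(line_no, directive, n) for n in names if SMALL_BLOCK.match(n)]
    if not saw_cipher:
        # No explicit cipher: the Blowfish default described above applies.
        findings.append((0, "default", "BF-CBC"))
    return findings


# Constructed sample configs, not taken from any real deployment.
LEGACY = """\
port 1194
proto udp
# cipher AES-256-CBC
"""

MIGRATED = """\
port 1194
cipher AES-256-GCM
ncp-ciphers AES-256-GCM:AES-256-CBC:AES-128-CBC:BF-CBC  ; legacy clients
"""

if __name__ == "__main__":
    for name, cfg in (("legacy", LEGACY), ("migrated", MIGRATED)):
        for finding in audit(cfg):
            print(name, finding)
```

A finding with line number 0 means the cipher comes from the implicit default rather than from a line in the file.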


Metadata Update from @mohanboddu:
- Issue tagged with: changes, f27

7 years ago

Thanks for the info and atm there is no releng work needed.

Please keep us updated if anything changes.

Thanks.

Metadata Update from @mohanboddu:
- Issue tagged with: change-noreleng

7 years ago

Metadata Update from @mohanboddu:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)

7 years ago
