= Proposed Self Contained Change: New default cipher in OpenVPN =

https://fedoraproject.org/wiki/Changes/New_default_cipher_in_OpenVPN

Change owner(s):
* David Sommerseth <davids@xxxxxxxxxxx>

Since the discovery of the SWEET32 flaw [1], ciphers using cipher blocks smaller than 128 bits are considered vulnerable and should not be used any more. OpenVPN uses Blowfish (BF-128-CBC) as the default cipher, which is hit by the SWEET32 flaw.

This proposal changes the default cipher to AES-256-GCM while in parallel allowing clients to connect using AES-256-CBC, AES-128-CBC or the deprecated BF-CBC. This proposal will make use of that possibility by modifying the openvpn-server@.service unit file slightly.

== Detailed Description ==

There have been two independent security audits of OpenVPN recently, performed by QuarksLab SAS [2] and Cryptography Engineering [3]. Both recommend moving away from the default Blowfish cipher (BF/BF-CBC) to a stronger cipher.

The concept is fairly simple. In today's openvpn-server@.service systemd unit file, the following command line is used to start OpenVPN:

    ExecStart=/usr/sbin/openvpn --status %t/openvpn-server/status-%i.log --status-version 2 --suppress-timestamps --config %i.conf

By adding

    --cipher AES-256-GCM --ncp-ciphers AES-256-GCM:AES-256-CBC:AES-128-GCM:AES-128-CBC:BF-CBC

before the --config option, the default cipher will be modified. The --ncp-ciphers list allows clients to use any of the listed ciphers as well. The new line will look like this:

    ExecStart=/usr/sbin/openvpn --status %t/openvpn-server/status-%i.log --status-version 2 --suppress-timestamps --cipher AES-256-GCM --ncp-ciphers AES-256-GCM:AES-256-CBC:AES-128-GCM:AES-128-CBC:BF-CBC --config %i.conf

This will result in the following:

* OpenVPN 2.4 based clients will automatically upgrade to AES-256-GCM, regardless of whether they have --cipher in their configuration file or not. For OpenVPN v2.4 configurations not wanting this cipher upgrade, the client configuration needs to deploy --ncp-disable.
* OpenVPN 2.3 based clients and older (and v2.4 clients using --ncp-disable in the client configuration) can connect to the server using any of the ciphers in the --ncp-ciphers list; this is what is called "poor man's cipher negotiation" by the upstream OpenVPN developers.
* Any client not providing --cipher defaults to BF-CBC. These clients should still be able to connect to the server, as the server allows BF-CBC through --ncp-ciphers.

If an already configured OpenVPN v2.4 based server configuration deploys --cipher and/or --ncp-ciphers, the options in the configuration file will override command line options set before --config. This should not break any existing configuration.

The log files will still complain about the use of BF-CBC if a client uses that. But the advantage is that OpenVPN v2.3 and older clients can be updated one by one, at their own pace and independent of the server, by adding the recommended --cipher AES-256-CBC option to the client configurations, or by upgrading to OpenVPN v2.4 or newer.

== Scope ==

* Proposal owners: Patch the openvpn-server@.service unit file to add the --cipher and --ncp-ciphers options.
* Other developers: N/A (not a System Wide Change)
* Release engineering: [4] (a check of an impact with Release Engineering is needed)
* List of deliverables: N/A (not a System Wide Change)
* Policies and guidelines: N/A (not a System Wide Change)
* Trademark approval: N/A (not needed for this Change)

[1] https://sweet32.info/
[2] https://ostif.org/wp-content/uploads/2017/05/OpenVPN1.2final.pdf
[3] https://www.privateinternetaccess.com/blog/2017/05/openvpn-2-4-evaluation-summary-report/
[4] https://pagure.io/releng/issue/6908

Jaroslav
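
An audit sketch for the override rule and cipher list described above, added here as an example and not taken from the proposal or from OpenVPN: it resolves the effective --cipher and --ncp-ciphers for a unit line plus server config and lists any 64-bit-block ciphers the server would still accept. The function names and config bodies are constructed for illustration; the 64-bit cipher families beyond BF-CBC and the OpenVPN 2.4 default NCP list (AES-256-GCM:AES-128-GCM) are assumptions not stated in the proposal.

```python
import shlex

# 64-bit block cipher families (SWEET32); the proposal itself names only BF-CBC.
SWEET32_PREFIXES = ("BF-", "DES-", "CAST5-", "RC2-")
TRACKED = ("cipher", "ncp-ciphers")

def effective_options(exec_start, configs):
    """Walk the command line left to right. --config pulls the file's options
    in at that position, so they replace --cipher/--ncp-ciphers set before it."""
    # Defaults: BF-CBC as stated in the proposal; NCP list assumed from OpenVPN 2.4.
    opts = {"cipher": "BF-CBC", "ncp-ciphers": "AES-256-GCM:AES-128-GCM"}
    tokens = shlex.split(exec_start.split("=", 1)[1])[1:]  # drop key and binary
    i = 0
    while i < len(tokens):
        name = tokens[i].lstrip("-")
        has_arg = i + 1 < len(tokens) and not tokens[i + 1].startswith("--")
        arg = tokens[i + 1] if has_arg else None
        if name == "config" and arg:
            for line in configs.get(arg, "").splitlines():
                parts = line.split("#", 1)[0].split()
                if len(parts) >= 2 and parts[0].lstrip("-") in TRACKED:
                    opts[parts[0].lstrip("-")] = parts[1]
        elif name in TRACKED and arg:
            opts[name] = arg
        i += 2 if has_arg else 1
    return opts

def accepted_ciphers(opts):
    """--cipher plus every --ncp-ciphers entry can be used by some client."""
    names = [opts["cipher"]] + [c for c in opts["ncp-ciphers"].split(":") if c]
    return list(dict.fromkeys(names))  # de-duplicate, keep order

def sweet32_exposed(opts):
    """Accepted ciphers that have a 64-bit block."""
    return [c for c in accepted_ciphers(opts) if c.upper().startswith(SWEET32_PREFIXES)]

# ExecStart lines follow the proposal; the config bodies are constructed samples.
OLD_UNIT = ("ExecStart=/usr/sbin/openvpn --status %t/openvpn-server/status-%i.log "
            "--status-version 2 --suppress-timestamps --config %i.conf")
NEW_UNIT = OLD_UNIT.replace(
    "--config", "--cipher AES-256-GCM --ncp-ciphers "
    "AES-256-GCM:AES-256-CBC:AES-128-GCM:AES-128-CBC:BF-CBC --config")
PLAIN_CONF = "port 1194\ndev tun\n"
PINNED_CONF = PLAIN_CONF + "cipher AES-256-CBC\nncp-ciphers AES-256-GCM:AES-256-CBC\n"

if __name__ == "__main__":
    for label, unit, conf in (("old unit", OLD_UNIT, PLAIN_CONF),
                              ("new unit", NEW_UNIT, PLAIN_CONF),
                              ("new unit, pinned config", NEW_UNIT, PINNED_CONF)):
        opts = effective_options(unit, {"%i.conf": conf})
        print(label, opts["cipher"], sweet32_exposed(opts))
```

With the new unit line, BF-CBC stays in the accepted set until the server's own configuration file sets a narrower --ncp-ciphers list, which is the point at which legacy clients must already have been moved.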