F27 Self Contained Change: New default cipher in OpenVPN

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



= Proposed Self Contained Change: New default cipher in OpenVPN =
https://fedoraproject.org/wiki/Changes/New_default_cipher_in_OpenVPN

Change owner(s):
* David Sommerseth <davids@xxxxxxxxxxx>

Since the discovery of the SWEET32 flaw [1], ciphers using
cipher-blocks smaller than 128-bits are considered vulnerable and
should not be used any more. OpenVPN uses Blowfish (BF-128-CBC) as the
default cipher, which is hit by the SWEET32 flaw. This proposal
changes the default cipher to AES-256-GCM while in parallel allowing
clients to connect using AES-256-CBC, AES-128-CBC or the deprecated
BF-CBC,

This proposal will make use of that possibility by modifying the
openvpn-server@.service unit file slightly.

== Detailed Description ==

There have been two independent security audits of OpenVPN recently,
performed by QuarksLab SAS [2] and Cryptography Engineering [3]. Both
recommends moving away from the default Blowfish cipher (BF/BF-CBC) to
a stronger cipher.

The concept is fairly simple.  In today's openvpn-server@.service
systemd unit file the following command line is used to start OpenVPN:

    ExecStart=/usr/sbin/openvpn --status
%t/openvpn-server/status-%i.log --status-version 2
--suppress-timestamps --config %i.conf

By adding --cipher AES-256-GCM --ncp-ciphers
AES-256-GCM:AES-256-CBC:AES-128-GCM:AES-128-CBC:BF-CBC before the
--config option, the default cipher will be modified.  The
--ncp-ciphers list allows clients to use any of the listed ciphers as
well.  The new line will look like this:

    ExecStart=/usr/sbin/openvpn --status
%t/openvpn-server/status-%i.log --status-version 2
--suppress-timestamps --cipher AES-256-GCM --ncp-ciphers
AES-256-GCM:AES-256-CBC:AES-128-GCM:AES-128-CBC:BF-CBC --config
%i.conf

This will result in the following:
* OpenVPN 2.4 based clients will automatically upgrade to AES-256-GCM,
regardless if they have --cipher in their configuration file or not.
For OpenVPN v2.4 configurations not wanting this cipher upgrade, the
client configuration needs to deploy --ncp-disable.
* OpenVPN 2.3 based clients and older (and v2.4 clients using
--ncp-disable in the client configuration) can connect to the server
using any of the --ncp-ciphers list; this is what is called "poor
man's cipher negotiation" by the upstream OpenVPN developers.
* Any client not providing --cipher defaults to BF-CBC.  These clients
should still be able to connect to the server as the server allows
BF-CBC through --ncp-ciphers.

If an already configured OpenVPN v2.4  based server configuration
deploys --cipher and/or --ncp-ciphers, the options in the
configuration file will override command line options set before
--config.  This should not break any existing configuration.

The log files will still complain about the use of BF-CBC if a client
uses that.  But the advantage is that OpenVPN v2.3 and older clients
can be updated one-by-one, by adding the recommended --cipher
AES-256-CBC option in the client configurations in their own pace,
independent of the server - or upgrade to OpenVPN v2.4 or newer.

== Scope ==

* Proposal owners: Patch the openvpn-server@.service unit file which
adds the --cipher and --ncp-ciphers options.

* Other developers: N/A (not a System Wide Change)

* Release engineering: [4] (a check of an impact with Release
Engineering is needed)

* List of deliverables: N/A (not a System Wide Change)

* Policies and guidelines: N/A (not a System Wide Change)

* Trademark approval: N/A (not needed for this Change)

[1] https://sweet32.info/
[2] https://ostif.org/wp-content/uploads/2017/05/OpenVPN1.2final.pdf
[3] https://www.privateinternetaccess.com/blog/2017/05/openvpn-2-4-evaluation-summary-report/
[4] https://pagure.io/releng/issue/6908

Jaroslav
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux