Public bug reported: all versions

The default cipher for openvpn is BF-CBC (blowfish), which was likely once a good choice. Virtually all modern hardware has hardware acceleration/support for AES instructions, and can therefore do AES-128-CBC far faster and more efficiently than it can blowfish.

Unfortunately, it also appears that openvpn doesn't negotiate the cipher at all, so it must match on both ends.

1) please enhance openvpn so that there is at least some negotiation (if the server specifies a cipher, and the client does not, then use the server's cipher)
2) change the default to be AES.

thanks,
lamont

** Affects: openvpn (Ubuntu)
     Importance: Undecided
         Status: New

https://bugs.launchpad.net/bugs/1379132

Title:
  openvpn has a poor choice of default cipher, and does not negotiate
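
The mismatch described in the report, and the fallback proposed in item 1, shown as an added example that is not part of the original report and is not OpenVPN code. The sample configs, host name and function names are constructed for illustration; treating the last `cipher` directive as the effective one and comparing names case-insensitively are simplifications of this sketch.

```python
import re

DEFAULT_CIPHER = "BF-CBC"  # default named in the bug report

# Constructed sample configs (not from the report).
SERVER_CONF = """\
# server side
port 1194
dev tun
cipher AES-128-CBC  # set on the server only
"""
CLIENT_CONF = """\
; client side, no cipher directive
client
remote vpn.example.net 1194
dev tun
"""

def configured_cipher(config_text):
    """Return the cipher named by a 'cipher' directive, or None if absent."""
    cipher = None
    for raw in config_text.splitlines():
        tokens = re.split(r"[#;]", raw, maxsplit=1)[0].split()  # drop comments
        if len(tokens) >= 2 and tokens[0] == "cipher":
            cipher = tokens[1].upper()  # simplification: last directive wins
    return cipher

def audit(server_text, client_text):
    """Compare both ends as reported (no negotiation) and under proposal 1."""
    s, c = configured_cipher(server_text), configured_cipher(client_text)
    s_eff, c_eff = s or DEFAULT_CIPHER, c or DEFAULT_CIPHER
    # Proposal 1: a client with no cipher set adopts the server's explicit one.
    c_proposed = s if (s and not c) else c_eff
    return {
        "server": s_eff,
        "client": c_eff,
        "match_as_reported": s_eff == c_eff,
        "implicit_default": [n for n, v in (("server", s), ("client", c)) if v is None],
        "client_under_proposal": c_proposed,
        "match_under_proposal": s_eff == c_proposed,
    }

if __name__ == "__main__":
    for key, value in audit(SERVER_CONF, CLIENT_CONF).items():
        print(f"{key}: {value}")
```

Run against a real server/client config pair, the `implicit_default` list shows which side is silently relying on BF-CBC, which is the case the report asks to eliminate by changing the default.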