Public bug reported:

all versions

The default cipher for openvpn is BF-CBC (blowfish), which was likely
once a good choice.

Virtually all modern hardware has hardware acceleration/support for AES
instructions, and can therefore do AES-128-CBC far faster and more
efficiently than it can blowfish.

Unfortunately, it also appears that openvpn doesn't negotiate the cipher
at all, so it must match on both ends.

1) please enhance openvpn so that there is at least some negotiation (if
the server specifies a cipher, and the client does not, then use the
server's cipher)

2) change the default to be AES.

thanks,
lamont

** Affects: openvpn (Ubuntu)
     Importance: Undecided
         Status: New

https://bugs.launchpad.net/bugs/1379132

Title:
  openvpn has a poor choice of default cipher, and does not negotiate
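
The report's two points (no `cipher` line means BF-CBC, and both ends must match) can be checked across a pair of config files. The sketch below is an added example, not code from the report or from the OpenVPN project. The function names and sample configs are constructed for illustration, and the parsing assumes that `#` or `;` starts a comment and that a later `cipher` line overrides an earlier one.

```python
# Added example: compare the effective cipher of two OpenVPN configs.
DEFAULT_CIPHER = "BF-CBC"  # default stated in the bug report


def effective_cipher(config_text):
    """Return (cipher, explicit) for one OpenVPN config file's text.

    Assumptions: '#' or ';' starts a comment, and a later 'cipher'
    line overrides an earlier one.
    """
    cipher, explicit = DEFAULT_CIPHER, False
    for raw in config_text.splitlines():
        for marker in "#;":
            raw = raw.split(marker, 1)[0]
        fields = raw.split()
        if len(fields) >= 2 and fields[0] == "cipher":
            cipher, explicit = fields[1].upper(), True
    return cipher, explicit


def audit_pair(server_text, client_text):
    """List findings for a server/client pair; an empty list means consistent."""
    findings = []
    ends = {"server": effective_cipher(server_text),
            "client": effective_cipher(client_text)}
    for role, (cipher, explicit) in ends.items():
        if not explicit:
            findings.append(f"{role}: no cipher line, falls back to {cipher}")
    if ends["server"][0] != ends["client"][0]:
        findings.append("mismatch: server={} client={}".format(
            ends["server"][0], ends["client"][0]))
    return findings


# Constructed sample configs (not taken from the report).
SERVER_CONF = """port 1194
proto udp
cipher AES-128-CBC   # set on the server only
"""
CLIENT_CONF = """client
remote vpn.example.com 1194
;cipher AES-128-CBC
"""

if __name__ == "__main__":
    for finding in audit_pair(SERVER_CONF, CLIENT_CONF):
        print(finding)
```
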
