In the upstream issue 673 [1]. Upstream removed some ciphers and ordered the others by preference.
That is fixed in >=Yakkety then. @Seth - do you think we want/need to backport that change to Xenial? [1]: https://community.openvpn.net/openvpn/ticket/673 ** Bug watch added: community.openvpn.net/openvpn/ #673 https://community.openvpn.net/openvpn/ticket/673 ** Also affects: openvpn (Ubuntu Xenial) Importance: Undecided Status: New ** Changed in: openvpn (Ubuntu) Status: Confirmed => Fix Released ** Changed in: openvpn (Ubuntu Xenial) Status: New => Confirmed ** Changed in: openvpn (Ubuntu Xenial) Importance: Undecided => Medium -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1379132 Title: openvpn has a poor choice of default cipher, and does not negotiate Status in openvpn package in Ubuntu: Fix Released Status in openvpn source package in Xenial: Confirmed Bug description: all versions The default cipher for openvpn is BF-CBC (blowfish), which was likely once a good choice. Virtually all modern hardware has hardware acceleration/support for AES instructions, and can therefore do AES-128-CBC far faster and more efficiently than it can blowfish. Unfortunately, it also appears that openvpn doesn't negotiate the cipher at all, so it must match on both ends. 1) please enhance openvpn so that there is at least some negotiation (if the server specifies a cipher, and the client does not, then use the server's cipher) 2) change the default to be AES. thanks, lamont To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/1379132/+subscriptions _______________________________________________ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp