[Group.of.nepali.translators] [Bug 1567717] Re: openvpn supports many cipher suites that it probably shouldn't
Thanks Christian; I think we can probably close this due to "The --cipher and --auth options are not negotiable, so I see less risk there" in the upstream ticket. There's doubtless higher-priority things to work on than preventing poor security configurations. Thanks ** Changed in: openvpn (Ubuntu Xenial) Status: Confirmed => Won't Fix -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1567717 Title: openvpn supports many cipher suites that it probably shouldn't Status in OpenVPN: Unknown Status in openvpn package in Ubuntu: Fix Released Status in openvpn source package in Xenial: Won't Fix Bug description: On xenial: ~$ openvpn --show-tls Available TLS Ciphers, listed in order of preference: TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384 TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA TLS-SRP-SHA-DSS-WITH-AES-256-CBC-SHA TLS-SRP-SHA-RSA-WITH-AES-256-CBC-SHA SRP-AES-256-CBC-SHA (No IANA name known to OpenVPN, use OpenSSL name.) DH-DSS-AES256-GCM-SHA384 (No IANA name known to OpenVPN, use OpenSSL name.) TLS-DHE-DSS-WITH-AES-256-GCM-SHA384 DH-RSA-AES256-GCM-SHA384 (No IANA name known to OpenVPN, use OpenSSL name.) TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 TLS-DHE-DSS-WITH-AES-256-CBC-SHA256 DH-RSA-AES256-SHA256 (No IANA name known to OpenVPN, use OpenSSL name.) DH-DSS-AES256-SHA256 (No IANA name known to OpenVPN, use OpenSSL name.) TLS-DHE-RSA-WITH-AES-256-CBC-SHA TLS-DHE-DSS-WITH-AES-256-CBC-SHA DH-RSA-AES256-SHA (No IANA name known to OpenVPN, use OpenSSL name.) DH-DSS-AES256-SHA (No IANA name known to OpenVPN, use OpenSSL name.) TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA DH-RSA-CAMELLIA256-SHA (No IANA name known to OpenVPN, use OpenSSL name.) DH-DSS-CAMELLIA256-SHA (No IANA name known to OpenVPN, use OpenSSL name.) TLS-ECDH-RSA-WITH-AES-256-GCM-SHA384 TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384 TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384 TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384 TLS-ECDH-RSA-WITH-AES-256-CBC-SHA TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA TLS-RSA-WITH-AES-256-GCM-SHA384 TLS-RSA-WITH-AES-256-CBC-SHA256 TLS-RSA-WITH-AES-256-CBC-SHA TLS-RSA-WITH-CAMELLIA-256-CBC-SHA TLS-PSK-WITH-AES-256-CBC-SHA TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256 TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA TLS-SRP-SHA-DSS-WITH-AES-128-CBC-SHA TLS-SRP-SHA-RSA-WITH-AES-128-CBC-SHA SRP-AES-128-CBC-SHA (No IANA name known to OpenVPN, use OpenSSL name.) DH-DSS-AES128-GCM-SHA256 (No IANA name known to OpenVPN, use OpenSSL name.) TLS-DHE-DSS-WITH-AES-128-GCM-SHA256 DH-RSA-AES128-GCM-SHA256 (No IANA name known to OpenVPN, use OpenSSL name.) TLS-DHE-RSA-WITH-AES-128-GCM-SHA256 TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 TLS-DHE-DSS-WITH-AES-128-CBC-SHA256 DH-RSA-AES128-SHA256 (No IANA name known to OpenVPN, use OpenSSL name.) DH-DSS-AES128-SHA256 (No IANA name known to OpenVPN, use OpenSSL name.) TLS-DHE-RSA-WITH-AES-128-CBC-SHA TLS-DHE-DSS-WITH-AES-128-CBC-SHA DH-RSA-AES128-SHA (No IANA name known to OpenVPN, use OpenSSL name.) DH-DSS-AES128-SHA (No IANA name known to OpenVPN, use OpenSSL name.) TLS-DHE-RSA-WITH-SEED-CBC-SHA TLS-DHE-DSS-WITH-SEED-CBC-SHA TLS-DH-RSA-WITH-SEED-CBC-SHA TLS-DH-DSS-WITH-SEED-CBC-SHA TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA DH-RSA-CAMELLIA128-SHA (No IANA name known to OpenVPN, use OpenSSL name.) DH-DSS-CAMELLIA128-SHA (No IANA name known to OpenVPN, use OpenSSL name.) TLS-ECDH-RSA-WITH-AES-128-GCM-SHA256 TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256 TLS-ECDH-RSA-WITH-AES-128-CBC-SHA256 TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256 TLS-ECDH-RSA-WITH-AES-128-CBC-SHA TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA TLS-RSA-WITH-AES-128-GCM-SHA256 TLS-RSA-WITH-AES-128-CBC-SHA256 TLS-RSA-WITH-AES-128-CBC-SHA TLS-RSA-WITH-SEED-CBC-SHA TLS-RSA-WITH-CAMELLIA-128-CBC-SHA TLS-PSK-WITH-AES-128-CBC-SHA TLS-ECDHE-RSA-WITH-RC4-128-SHA TLS-ECDHE-ECDSA-WITH-RC4-128-SHA TLS-ECDH-RSA-WITH-RC4-128-SHA TLS-ECDH-ECDSA-WITH-RC4-128-SHA TLS-RSA-WITH-RC4-128-SHA TLS-RSA-WITH-RC4-128-MD5 TLS-PSK-WITH-RC4-128-SHA TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA TLS-SRP-SHA-DSS-WITH-3DES-EDE-CBC-SHA TLS-SRP-SHA-RSA-WITH-3DES-EDE-CBC-SHA SRP-3DES-EDE-CBC-SHA (No IANA name known to OpenVPN, use OpenSSL name.) TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA DH-RSA-DES-CBC3-SHA (No IANA name known to OpenVPN, use
[Group.of.nepali.translators] [Bug 1567717] Re: openvpn supports many cipher suites that it probably shouldn't
Thanks Merlijn for the link. That means that 2.3.11 is fixed which in turn means >=Yakkety is fine. Seth, what is the security Teams position on that for Xenial now? ** Also affects: openvpn (Ubuntu Xenial) Importance: Undecided Status: New ** Changed in: openvpn (Ubuntu Xenial) Status: New => Confirmed ** Changed in: openvpn (Ubuntu Xenial) Importance: Undecided => Medium ** Changed in: openvpn (Ubuntu) Status: Confirmed => Fix Released -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1567717 Title: openvpn supports many cipher suites that it probably shouldn't Status in OpenVPN: Unknown Status in openvpn package in Ubuntu: Fix Released Status in openvpn source package in Xenial: Confirmed Bug description: On xenial: ~$ openvpn --show-tls Available TLS Ciphers, listed in order of preference: TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384 TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA TLS-SRP-SHA-DSS-WITH-AES-256-CBC-SHA TLS-SRP-SHA-RSA-WITH-AES-256-CBC-SHA SRP-AES-256-CBC-SHA (No IANA name known to OpenVPN, use OpenSSL name.) DH-DSS-AES256-GCM-SHA384 (No IANA name known to OpenVPN, use OpenSSL name.) TLS-DHE-DSS-WITH-AES-256-GCM-SHA384 DH-RSA-AES256-GCM-SHA384 (No IANA name known to OpenVPN, use OpenSSL name.) TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 TLS-DHE-DSS-WITH-AES-256-CBC-SHA256 DH-RSA-AES256-SHA256 (No IANA name known to OpenVPN, use OpenSSL name.) DH-DSS-AES256-SHA256 (No IANA name known to OpenVPN, use OpenSSL name.) TLS-DHE-RSA-WITH-AES-256-CBC-SHA TLS-DHE-DSS-WITH-AES-256-CBC-SHA DH-RSA-AES256-SHA (No IANA name known to OpenVPN, use OpenSSL name.) DH-DSS-AES256-SHA (No IANA name known to OpenVPN, use OpenSSL name.) TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA DH-RSA-CAMELLIA256-SHA (No IANA name known to OpenVPN, use OpenSSL name.) DH-DSS-CAMELLIA256-SHA (No IANA name known to OpenVPN, use OpenSSL name.) TLS-ECDH-RSA-WITH-AES-256-GCM-SHA384 TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384 TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384 TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384 TLS-ECDH-RSA-WITH-AES-256-CBC-SHA TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA TLS-RSA-WITH-AES-256-GCM-SHA384 TLS-RSA-WITH-AES-256-CBC-SHA256 TLS-RSA-WITH-AES-256-CBC-SHA TLS-RSA-WITH-CAMELLIA-256-CBC-SHA TLS-PSK-WITH-AES-256-CBC-SHA TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256 TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA TLS-SRP-SHA-DSS-WITH-AES-128-CBC-SHA TLS-SRP-SHA-RSA-WITH-AES-128-CBC-SHA SRP-AES-128-CBC-SHA (No IANA name known to OpenVPN, use OpenSSL name.) DH-DSS-AES128-GCM-SHA256 (No IANA name known to OpenVPN, use OpenSSL name.) TLS-DHE-DSS-WITH-AES-128-GCM-SHA256 DH-RSA-AES128-GCM-SHA256 (No IANA name known to OpenVPN, use OpenSSL name.) TLS-DHE-RSA-WITH-AES-128-GCM-SHA256 TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 TLS-DHE-DSS-WITH-AES-128-CBC-SHA256 DH-RSA-AES128-SHA256 (No IANA name known to OpenVPN, use OpenSSL name.) DH-DSS-AES128-SHA256 (No IANA name known to OpenVPN, use OpenSSL name.) TLS-DHE-RSA-WITH-AES-128-CBC-SHA TLS-DHE-DSS-WITH-AES-128-CBC-SHA DH-RSA-AES128-SHA (No IANA name known to OpenVPN, use OpenSSL name.) DH-DSS-AES128-SHA (No IANA name known to OpenVPN, use OpenSSL name.) TLS-DHE-RSA-WITH-SEED-CBC-SHA TLS-DHE-DSS-WITH-SEED-CBC-SHA TLS-DH-RSA-WITH-SEED-CBC-SHA TLS-DH-DSS-WITH-SEED-CBC-SHA TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA DH-RSA-CAMELLIA128-SHA (No IANA name known to OpenVPN, use OpenSSL name.) DH-DSS-CAMELLIA128-SHA (No IANA name known to OpenVPN, use OpenSSL name.) TLS-ECDH-RSA-WITH-AES-128-GCM-SHA256 TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256 TLS-ECDH-RSA-WITH-AES-128-CBC-SHA256 TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256 TLS-ECDH-RSA-WITH-AES-128-CBC-SHA TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA TLS-RSA-WITH-AES-128-GCM-SHA256 TLS-RSA-WITH-AES-128-CBC-SHA256 TLS-RSA-WITH-AES-128-CBC-SHA TLS-RSA-WITH-SEED-CBC-SHA TLS-RSA-WITH-CAMELLIA-128-CBC-SHA TLS-PSK-WITH-AES-128-CBC-SHA TLS-ECDHE-RSA-WITH-RC4-128-SHA TLS-ECDHE-ECDSA-WITH-RC4-128-SHA TLS-ECDH-RSA-WITH-RC4-128-SHA TLS-ECDH-ECDSA-WITH-RC4-128-SHA TLS-RSA-WITH-RC4-128-SHA TLS-RSA-WITH-RC4-128-MD5 TLS-PSK-WITH-RC4-128-SHA TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA TLS-SRP-SHA-DSS-WITH-3DES-EDE-CBC-SHA TLS-SRP-SHA-RSA-WITH-3DES-EDE-CBC-SHA SRP-3DES-EDE-CBC-SHA (No IANA name known to OpenVPN, use OpenSSL name.)