OpenVPN2.3.1 release. Parsing tls-cipher ':' separated value

Weekly dev snapshots are available for testing.
We talk about them here. Testing features in the dev snapshot helps the features make it to stable.

Moderators: TinCanTech

Forum rules
Please report your experience with the testing branch. Include what you were using and how.
If there is a problem, the more info the better!
notko
OpenVpn Newbie
Posts: 2
Joined: Fri May 31, 2013 12:48 pm

OpenVPN2.3.1 release. Parsing tls-cipher ':' separated value

Post by notko » Fri May 31, 2013 2:06 pm

Maybe not the right place to write this here but I am doing it anyway.

When trying to establish a connection to the IPvanish service using OpenVPN 2.3.1, FreeBSD 9.1 port, I kept getting:

Code:

Fri May 31 14:15:30 2013 Deprecated TLS cipher name 'DHE-RSA-AES256-SHA', please use IANA name 'TLS-DHE-RSA-WITH-AES-256-CBC-SHA'
14:15:30 2013 No valid translation found for TLS cipher 'DHE-DSS-AES256-SHA:AES256-SHA'
14:15:30 2013 Failed to set restricted TLS cipher list, too long (>zu). (OpenSSL)
14:15:30 2013 Exiting due to fatal error

In the log.

openvpn.conf:

Code:

client
dev tun
proto tcp
remote sto-b01.ipvanish.com 443
resolv-retry infinite
nobind
persist-key
persist-tun
persist-remote-ip
ca ca.ipvanish.com.crt
tls-remote sto-b01.ipvanish.com
auth-user-pass
comp-lzo
verb 3
auth SHA256
cipher AES-256-CBC
keysize 256
tls-cipher DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA
script-security 2

When I tried OpenVPN 2.3.1 Win64 with the same config and got pretty much the same log, I felt compelled to go to the source. Downloaded the release source code and looking at it with tears of nostalgia rolling down my cheeks, what did I see?

Code:

ssl_openssl.c:l221:
end_of_cipher = strcspn(&ciphers[begin_of_cipher], ":");

Suggest change to:

Code:

end_of_cipher = begin_of_cipher + strcspn(&ciphers[begin_of_cipher], ":");
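
A stand-alone model of the tokenizing step discussed in this post, added here as an example and not taken from the post or from the OpenVPN source; `split_ciphers`, `SAMPLE` and the buffer sizes are hypothetical. With the `strcspn` result used as an absolute index, the second token swallows the rest of the list, matching the "No valid translation found" log line; adding the start offset yields three names.

```c
#include <stdio.h>
#include <string.h>

#define MAX_TOKENS 8
#define MAX_NAME   64

/* Constructed sample: the tls-cipher value from the config above. */
static const char SAMPLE[] = "DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA";

/* Hypothetical helper. relative_end=1 models the reported line (strcspn
 * result used as an absolute index); 0 models the suggested change. */
static int split_ciphers(const char *ciphers, int relative_end,
                         char out[MAX_TOKENS][MAX_NAME])
{
    size_t total = strlen(ciphers);
    size_t begin = 0;
    int n = 0;

    while (begin < total && n < MAX_TOKENS) {
        size_t span = strcspn(&ciphers[begin], ":");
        size_t end = relative_end ? span : begin + span;

        /* end - begin is unsigned: when end < begin it wraps to a huge
         * value. Clamp to the rest of the string so the demo stays in bounds. */
        size_t len = end - begin;
        if (len > total - begin)
            len = total - begin;
        if (len >= MAX_NAME)
            len = MAX_NAME - 1;

        memcpy(out[n], &ciphers[begin], len);
        out[n][len] = '\0';
        n++;
        begin += len + 1;   /* skip past the token and its ':' */
    }
    return n;
}

int main(void)
{
    char out[MAX_TOKENS][MAX_NAME];
    for (int mode = 1; mode >= 0; mode--) {
        int n = split_ciphers(SAMPLE, mode, out);
        printf("%s: %d token(s)\n", mode ? "relative end" : "absolute end", n);
        for (int i = 0; i < n; i++)
            printf("  '%s'\n", out[i]);
    }
    return 0;
}
```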

notko
OpenVpn Newbie
Posts: 2
Joined: Fri May 31, 2013 12:48 pm

Re: OpenVPN2.3.1 release. Parsing tls-cipher ':' separated v

Post by notko » Fri May 31, 2013 2:09 pm

Sorry, double posting
