I have a requirement to set up an OpenVPN server that serves iOS clients, with the highest level or crypto possible regardless of performance.
Looks like Elliptic Curve stuff was merged into the 2.4 branch of the OpenVPN *community* software if I am not mistaken,
What about the iOS OpenVPN app - if no EC/ECDHE - what is the strongest cipher the iOS app support?
Thanks !
Does iOS app support any ciphers w/Elliptic Curve?
-
locusofself
- OpenVpn Newbie
- Posts: 1
- Joined: Thu Jan 07, 2016 10:28 pm
-
markhorrocks
- OpenVpn Newbie
- Posts: 9
- Joined: Tue Jul 18, 2017 9:03 pm
Re: Does iOS app support any ciphers w/Elliptic Curve?
I have the same question. I'm getting the following error when I try to use ecdh-curve secp521r1.
Mon Dec 11 08:58:25 2017 us=127229 110.54.131.60:43279 OpenSSL: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher
Mon Dec 11 08:58:25 2017 us=127240 110.54.131.60:43279 TLS_ERROR: BIO read tls_read_plaintext error
Mon Dec 11 08:58:25 2017 us=127248 110.54.131.60:43279 TLS Error: TLS object -> incoming plaintext read error
Mon Dec 11 08:58:25 2017 us=127256 110.54.131.60:43279 TLS Error: TLS handshake failed
Mon Dec 11 08:58:25 2017 us=127229 110.54.131.60:43279 OpenSSL: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher
Mon Dec 11 08:58:25 2017 us=127240 110.54.131.60:43279 TLS_ERROR: BIO read tls_read_plaintext error
Mon Dec 11 08:58:25 2017 us=127248 110.54.131.60:43279 TLS Error: TLS object -> incoming plaintext read error
Mon Dec 11 08:58:25 2017 us=127256 110.54.131.60:43279 TLS Error: TLS handshake failed
-
ordex
- OpenVPN Inc.
- Posts: 444
- Joined: Wed Dec 28, 2016 2:32 am
- Location: IRC #openvpn-devel @ libera.chat
Re: Does iOS app support any ciphers w/Elliptic Curve?
soon a new release for iOS will be released. It will ship mbedTLS 2.6.0 and therefore will support several new ciphers, including EC*