List or indicator of supported/usupported ciphers and hashes
Posted: Sun Jun 02, 2013 2:14 pm
I request OpenVPN sort the --show-tls --show-ciphers --show-digests lists under two headings, "Supported" and "Not supported" i.e:
openvpn --show-tls
Available TLS Ciphers,
listed in order of preference:
Supported TLS-Ciphers:
TLS-DHE-RSA-WITH-AES-256-CBC-SHA
TLS-DHE-DSS-WITH-AES-256-CBC-SHA
Not supported:
TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384
TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384
TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384
TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384
TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA
TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA
TLS-SRP-SHA-DSS-WITH-AES-256-CBC-SHA
TLS-SRP-SHA-RSA-WITH-AES-256-CBC-SHA
TLS-DHE-DSS-WITH-AES-256-GCM-SHA384
TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
TLS-DHE-RSA-WITH-AES-256-CBC-SHA256
TLS-DHE-DSS-WITH-AES-256-CBC-SHA256
...or to add (supported) or (not supported) beside each value:
Available TLS Ciphers,
listed in order of preference:
TLS-DHE-RSA-WITH-AES-256-CBC-SHA (supported)
TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 (not supported)
I find it very frustrating since none of the OpenVPN documentation covers which ciphers/digests are supported or not. Printing the --show options will not tell you either, giving the user the false impression that all of the items listed are supported because they are showing up in the list, and no way of telling which works and which does not.
Thanks for reading.
openvpn --show-tls
Available TLS Ciphers,
listed in order of preference:
Supported TLS-Ciphers:
TLS-DHE-RSA-WITH-AES-256-CBC-SHA
TLS-DHE-DSS-WITH-AES-256-CBC-SHA
Not supported:
TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384
TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384
TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384
TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384
TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA
TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA
TLS-SRP-SHA-DSS-WITH-AES-256-CBC-SHA
TLS-SRP-SHA-RSA-WITH-AES-256-CBC-SHA
TLS-DHE-DSS-WITH-AES-256-GCM-SHA384
TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
TLS-DHE-RSA-WITH-AES-256-CBC-SHA256
TLS-DHE-DSS-WITH-AES-256-CBC-SHA256
...or to add (supported) or (not supported) beside each value:
Available TLS Ciphers,
listed in order of preference:
TLS-DHE-RSA-WITH-AES-256-CBC-SHA (supported)
TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 (not supported)
I find it very frustrating since none of the OpenVPN documentation covers which ciphers/digests are supported or not. Printing the --show options will not tell you either, giving the user the false impression that all of the items listed are supported because they are showing up in the list, and no way of telling which works and which does not.
Thanks for reading.