Some ciphers not working with OpenVPN

Posted: Tue Apr 26, 2011 9:32 am
by marssi
Hi,

I have a problem with some of the ciphers with OpenVPN. When trying to run the command

Code:

openvpn --secret ta.key --cipher ${a} --test-crypto

where a is some of the ciphers, it fails. If it fails, the message seems to be the same.

Code:

OpenVPN 2.1.3 x86_64-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [MH] [PF_INET6] [eurephia] built on Apr 12 2011
OpenVPN 2.1.3 x86_64-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [MH] [PF_INET6] [eurephia] built on Apr 12 2011
Entering OpenVPN crypto self-test mode.
TESTING ENCRYPT/DECRYPT of packet length=1
Assertion failed at crypto.c:162
Exiting

My command for testing all the ciphers was

Code:

for a in $(openvpn --show-ciphers|sed '1,7d;$d;s/\(\([^ ]*\) \)\{1\}.*/\2/;'|tr '\n' ' '); do openvpn --secret ta.key --cipher ${a} --test-crypto &>/dev/null ||echo ${a}; done

There is probably a simpler method, if anyone would like to share one.

The list of failing ciphers is the following; they mostly seem to be using CFB or OFB mode. They all work for me with openssl, which I tested with the command

Code:

for a in $(openvpn --show-ciphers|sed '1,7d;$d;s/\(\([^ ]*\) \)\{1\}.*/\2/;'|tr '\n' ' '); do openssl speed -evp $a &> /dev/null || echo $a; done

  • DES-CFB
  • RC2-CFB
  • RC2-OFB
  • DES-OFB
  • DES-EDE-CFB
  • DES-EDE3-CFB
  • DES-EDE-OFB
  • DES-EDE3-OFB
  • BF-CFB
  • BF-OFB
  • CAST5-CFB
  • CAST5-OFB
  • AES-128-OFB
  • AES-128-CFB
  • AES-192-OFB
  • AES-192-CFB
  • AES-256-OFB
  • AES-256-CFB
  • AES-128-CFB1
  • AES-192-CFB1
  • AES-256-CFB1
  • AES-128-CFB8
  • AES-192-CFB8
  • AES-256-CFB8
  • DES-CFB1
  • DES-CFB8
  • DES-EDE3-CFB1
  • DES-EDE3-CFB8
  • CAMELLIA-128-CFB
  • CAMELLIA-192-CFB
  • CAMELLIA-256-CFB
  • CAMELLIA-128-CFB1
  • CAMELLIA-192-CFB1
  • CAMELLIA-256-CFB1
  • CAMELLIA-128-CFB8
  • CAMELLIA-192-CFB8
  • CAMELLIA-256-CFB8
  • CAMELLIA-128-OFB
  • CAMELLIA-192-OFB
  • CAMELLIA-256-OFB
  • SEED-OFB
  • SEED-CFB

The following ciphers work; they all seem to be using the CBC mode.

  • AES-128-CBC
  • AES-192-CBC
  • AES-256-CBC
  • BF-CBC
  • CAMELLIA-128-CBC
  • CAMELLIA-192-CBC
  • CAMELLIA-256-CBC
  • CAST5-CBC
  • DES-CBC
  • DES-EDE-CBC
  • DES-EDE3-CBC
  • DESX-CBC
  • RC2-40-CBC
  • RC2-64-CBC
  • RC2-CBC
  • SEED-CBC

Some of the software used:

  • Kernel 2.6.38
  • OpenSSL 1.0.0d
  • OpenVPN 2.1.3

Does anyone have an idea why some ciphers are failing and how to get them to work with OpenVPN?
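
A simpler way to run the sweep from the post above, as an added example that is not part of the original thread: it selects cipher lines by pattern instead of deleting a fixed number of header lines, and labels each failing cipher with its mode. The function names, the assumed `--show-ciphers` line format and the sample text are assumptions made for this example.

```shell
#!/bin/sh
# Added example: sweep cipher names through a test command, report failures by mode.

# Extract cipher names from `openvpn --show-ciphers` text on stdin.
# Assumption: lines look like "NAME <bits> bit default key (fixed|variable)".
# Header and blank lines are skipped by pattern, not by line count.
list_ciphers() {
    sed -n 's/^\([A-Z][A-Z0-9-]*\) [0-9][0-9]* bit default key.*/\1/p'
}

# Map a cipher name to its mode of operation using the name's last component.
cipher_mode() {
    case "$1" in
        *-CBC)               echo CBC ;;
        *-CFB|*-CFB1|*-CFB8) echo CFB ;;
        *-OFB)               echo OFB ;;
        *)                   echo OTHER ;;
    esac
}

# sweep_ciphers CMD [ARGS...]: read cipher names on stdin, run CMD ARGS NAME
# for each one, and print "MODE NAME" for every cipher whose test fails.
sweep_ciphers() {
    while IFS= read -r name; do
        [ -n "$name" ] || continue
        # stdin is redirected so the test command cannot eat the name list
        if ! "$@" "$name" >/dev/null 2>&1 </dev/null; then
            echo "$(cipher_mode "$name") $name"
        fi
    done
}

# The per-cipher self-test from the post (needs openvpn and ta.key).
openvpn_selftest() {
    openvpn --secret ta.key --cipher "$1" --test-crypto
}

# Constructed sample of --show-ciphers output, for trying the parser offline.
SAMPLE_SHOW_CIPHERS='The following ciphers and cipher modes are available

DES-CFB 64 bit default key (fixed)
DES-CBC 64 bit default key (fixed)
BF-OFB 128 bit default key (variable)
AES-256-CBC 256 bit default key (fixed)
AES-128-CFB8 128 bit default key (fixed)
'

# Live use:
#   openvpn --show-ciphers | list_ciphers | sweep_ciphers openvpn_selftest | sort
```

Piping the result through `sort` groups the failures by mode, which makes a pattern like "only CFB and OFB fail" visible at a glance.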

Re: Some ciphers not working with OpenVPN

Posted: Tue Apr 26, 2011 10:13 am
by janjust
Hi,

thanks for your report; this was already reported as a bug:
https://community.openvpn.net/openvpn/ticket/89
I've added your info to the ticket. We'll have to wait for the developers to see what the right solution is; I tried fiddling with the cipher code myself but could never get it to work. Getting past the 'assert failed' error was easy, but a full-blown --test-crypto test was harder to do.

Re: Some ciphers not working with OpenVPN

Posted: Tue Apr 26, 2011 10:51 am
by marssi
Hi Jan,

Thanks for the fast reply. I looked at the report and added some information to the bug report. I tested the ciphers with the 2.2 series, and in my testing the CFB and OFB modes failed. I also tested the 1.6 version, but it didn't have OFB or CFB modes available for me.