
#1 2023-12-12 14:58:39

mbw
Member
Registered: 2020-01-04
Posts: 38

How can you find out what kind of ciphers an OpenVPN server supports?

Like the title suggests, I would like to find out what happens if cipher negotiation fails.
I do not have access to the server in question.

First I encountered the following error

2023-12-12 13:48:58 Note: --cipher is not set. OpenVPN versions before 2.5 defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback BF-CBC' to your configuration and/or add BF-CBC to --data-ciphers.
...
2023-12-12 13:48:58 VERIFY ERROR: depth=0, error=CA signature digest algorithm too weak: C=DE, ST=BW, L=XYZ, O=XYZ, OU=XYZ, CN=server, name=vpn.xyz.de, emailAddress=xyz@xyz.de, serial=1

I can fix this by adding the following line to the client .ovpn file:

tls-cipher "DEFAULT:@SECLEVEL=0"

and the connection works, but that is probably not ideal.

But, I would like to find out what kind of better signature digest algorithms were available or have been negotiated.
I tried cranking up the verbosity to 11 but could not make sense of the output, I don't know what I need to look out for.
It also appears that multiple different cipher algorithms are used.

I also was not able to use Wireshark to gain insight into what happens at the time of cipher negotiation.
That could of course just be me having no idea how to use Wireshark properly.

What I would like to know is: What cipher algorithms did the server offer besides BF-CBC?
Should this be expected to be secret?


#2 2023-12-12 17:34:54

-thc
Member
Registered: 2017-03-15
Posts: 775

Re: How can you find out what kind of ciphers an OpenVPN server supports?

An in-depth explanation of all the possible cipher options can be found here: https://openvpn.net/community-resources … penvpn-2-6

In general OpenVPN uses layers of encryption and identification:

- The control channel (TLS) will be negotiated with a minimum of TLS 1.2 (OpenVPN 2.6)
- After establishing the working control channel the certificates will be transferred and verified
- After the successful verification a data-cipher will be negotiated for the data transfer tunnel
- Routes and virtual adapters are set up with this cipher

The "Note:" is only relevant for very old servers (2.3 and lower), because the now missing fallback data-cipher (BF-CBC, which is too weak anyway) will possibly break connections to very old servers.

The "VERIFY ERROR:" says that the server certificate (the CA certificate) presented has a far too weak digest algorithm. This is an internal part of the certificate and is a possible sign that the certificate is way too old - the OpenVPN server admins should probably fix this. No OpenVPN option has any positive influence here.

Your "tls-cipher" option is quite brutal (forcing OpenVPN to simply accept all digest algorithms - "anything goes") and I would suggest rather not using this OpenVPN server at all.

The data-ciphers (modern replacements of BF-CBC like AES256-GCM) should be properly negotiated and should need no changes.

Last edited by -thc (2023-12-12 19:35:05)


#3 2023-12-12 19:41:22

mbw
Member
Registered: 2020-01-04
Posts: 38

Re: How can you find out what kind of ciphers an OpenVPN server supports?

I just talked to a colleague, wondering why I am the only one having this problem.
So, everybody on Windows uses OpenVPN 3.X. I am not sure if this plays a role here, or why Arch Linux seemingly lags so far behind and would require me to use an AUR package if I wanted to use a more recent OpenVPN version.

In addition, apparently for them, the OpenVPN Connect app yields a "missing external client certificate" error, but they can proceed and connect nonetheless.
I don't know what that is, maybe I'll find some time to read up on that on the weekend.

But with this situation, and only Windows being officially supported as work device, I won't be able to bring up a reasonable case with the server admins unfortunately.


#4 2023-12-12 21:28:04

-thc
Member
Registered: 2017-03-15
Posts: 775

Re: How can you find out what kind of ciphers an OpenVPN server supports?

Sorry - a CA certificate with a weak digest algorithm is bad - regardless of the client software.

There are multiple branches of OpenVPN software via "openvpn.net":

- The commercial OpenVPN Access Server
- The "OpenVPN Connect" Client (3.x) for Windows and OSX
- OpenVPN3 for Linux, which is the official "OpenVPN Connect" download for Linux
- The "classic" OpenVPN server/client software ("Community downloads") - currently version 2.6.8

Arch does not "lag behind".

openvpn3 is available via AUR.

mbw wrote:

But with this situation, and only Windows being officially supported as work device, I won't be able to bring up a reasonable case with the server admins unfortunately.

Well - I'm an OpenVPN admin too and I support all server/client combinations regardless of the platforms involved - Android, iOS, OSX, Windows, Linux (Debian, Arch, Ubuntu, Synology DSM).

Because of the ever-changing IT security landscape I constantly strive to enhance the VPN security as much as possible. Which includes creating and replacing certificates as certain algorithms or key sizes became too weak (SHA1, RSA key sizes). So my clients didn't run into this error which is probably based on OpenVPN 2.6/OpenSSL3 no longer accepting SHA1 as a secure digest by default.

So you may easily guess what I think of your server admins.

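The point -thc makes in #2 (the "VERIFY ERROR" is about the digest baked into the certificate itself, not something a client option can negotiate away) and in #4 (OpenVPN 2.6 on OpenSSL 3 no longer accepts SHA1 by default) can be checked offline, with no handshake and no server access. The script below is an added example, not code from this thread or from the OpenVPN project: it pulls the inline <ca> block out of a .ovpn profile, walks just enough of the certificate's DER to reach the outer signatureAlgorithm OID, and flags MD5 and SHA1. The profile it feeds itself is constructed (a skeleton "certificate" with an empty body that carries only the signature OID; vpn.example.invalid is a placeholder), and the OID table and the weak-digest set are the example's own assumptions.

```python
"""Offline check of the signature digest on the CA certificate embedded in an
OpenVPN client profile (<ca>...</ca> in the .ovpn file). Standard library only;
walks just enough DER to reach the certificate's outer signatureAlgorithm.
Added example, not code from this thread or the OpenVPN project."""
import base64
import re

# RFC 5280: Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue }
#           AlgorithmIdentifier ::= SEQUENCE { algorithm OBJECT IDENTIFIER, parameters OPTIONAL }
# Signature-algorithm OIDs -> digest they use (RFC 3279, RFC 4055, RFC 5758).
SIG_OID_DIGEST = {
    "1.2.840.113549.1.1.4": "md5",      # md5WithRSAEncryption
    "1.2.840.113549.1.1.5": "sha1",     # sha1WithRSAEncryption
    "1.2.840.113549.1.1.11": "sha256",  # sha256WithRSAEncryption
    "1.2.840.113549.1.1.12": "sha384",
    "1.2.840.113549.1.1.13": "sha512",
    "1.2.840.10045.4.1": "sha1",        # ecdsa-with-SHA1
    "1.2.840.10045.4.3.2": "sha256",    # ecdsa-with-SHA256
    "1.2.840.10045.4.3.3": "sha384",
    "1.2.840.10045.4.3.4": "sha512",
}
# Digests OpenSSL 3 refuses for certificate signatures at its default security
# level 1, which OpenVPN surfaces as "CA signature digest algorithm too weak";
# tls-cipher "DEFAULT:@SECLEVEL=0" is what makes them acceptable again.
# (Assumption of this example, in line with post #4.)
WEAK_DIGESTS = {"md5", "sha1"}


def read_tlv(buf: bytes, pos: int):
    """Decode one DER TLV starting at pos; return (tag, content, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def decode_oid(content: bytes) -> str:
    """Decode OBJECT IDENTIFIER content bytes into dotted form."""
    arcs, value = [content[0] // 40, content[0] % 40], 0
    for b in content[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:  # high bit clear ends this arc
            arcs.append(value)
            value = 0
    return ".".join(str(a) for a in arcs)


def signature_algorithm(cert_der: bytes) -> str:
    """Return the dotted OID of the certificate's outer signatureAlgorithm."""
    tag, cert, _ = read_tlv(cert_der, 0)
    if tag != 0x30:
        raise ValueError("Certificate must be a SEQUENCE")
    _, _, after_tbs = read_tlv(cert, 0)        # skip tbsCertificate entirely
    tag, algid, _ = read_tlv(cert, after_tbs)  # signatureAlgorithm
    oid_tag, oid, _ = read_tlv(algid, 0)
    if tag != 0x30 or oid_tag != 0x06:
        raise ValueError("malformed AlgorithmIdentifier")
    return decode_oid(oid)


def pem_to_der(pem: str) -> bytes:
    """Strip PEM armour and base64-decode one certificate."""
    body = re.sub(r"-----(BEGIN|END) CERTIFICATE-----", "", pem)
    return base64.b64decode("".join(body.split()))


def ca_from_ovpn(profile: str) -> bytes:
    """Extract the inline <ca> block from a .ovpn profile as DER."""
    m = re.search(r"<ca>\s*(.*?)\s*</ca>", profile, re.S)
    if not m:
        raise ValueError("no inline <ca> block in profile (maybe 'ca ca.crt' instead)")
    return pem_to_der(m.group(1))


def assess_profile(profile: str) -> dict:
    """Report the CA signature OID, its digest, and whether OpenSSL 3 would reject it."""
    oid = signature_algorithm(ca_from_ovpn(profile))
    digest = SIG_OID_DIGEST.get(oid, "unknown")
    return {"oid": oid, "digest": digest, "weak": digest in WEAK_DIGESTS}


# --- constructed test input (not a real certificate) -------------------------
def der(tag: int, content: bytes) -> bytes:
    """Encode one DER TLV with short- or long-form length."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + content


def encode_oid(dotted: str) -> bytes:
    """Encode a dotted OID as a DER OBJECT IDENTIFIER TLV (inverse of decode_oid)."""
    arcs = [int(a) for a in dotted.split(".")]
    out = [arcs[0] * 40 + arcs[1]]
    for a in arcs[2:]:
        chunk = [a & 0x7F]
        a >>= 7
        while a:
            chunk.insert(0, 0x80 | (a & 0x7F))
            a >>= 7
        out.extend(chunk)
    return der(0x06, bytes(out))


def constructed_profile(sig_oid: str) -> str:
    """CONSTRUCTED .ovpn snippet: empty tbsCertificate, the given signature OID,
    empty signature. Only the outer structure this script inspects is present."""
    skeleton = der(0x30, der(0x30, b"")
                   + der(0x30, encode_oid(sig_oid) + der(0x05, b""))
                   + der(0x03, b"\x00"))
    pem = base64.b64encode(skeleton).decode()
    return ("client\nremote vpn.example.invalid 1194\n<ca>\n-----BEGIN CERTIFICATE-----\n"
            + pem + "\n-----END CERTIFICATE-----\n</ca>\n")


if __name__ == "__main__":
    for oid in ("1.2.840.113549.1.1.5", "1.2.840.113549.1.1.11"):
        print(assess_profile(constructed_profile(oid)))
```

For a profile that references `ca ca.crt` instead of inlining it, feed the file's text to `pem_to_der` and `signature_algorithm`, or simply read the `Signature Algorithm:` line from `openssl x509 -in ca.crt -noout -text`. If it reads sha1WithRSAEncryption, nothing on the client short of lowering the OpenSSL security level (the `@SECLEVEL=0` workaround from #1) will make OpenVPN 2.6 on OpenSSL 3 accept it, which is why the fix belongs on the server side: reissuing the CA and server certificates with SHA-256 or better.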
