qlwpub / ics-openvpn

Automatically exported from code.google.com/p/ics-openvpn

Feature Request: Support AES-512 Encryption and document options for this and Packet Authentication #217

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. In the "Encryption Cipher" field put in aes-512-cbc
2. Client reports it doesn't support this encryption type

What is the expected output? What do you see instead?
Client connects and doesn't error out.

What mobile phone are you using?
Nexus 5

Please provide any additional information below.

As well as supporting this, I couldn't see which options the client does support 
for "Encryption Cipher" and "Packet Authentication". Is this documented 
somewhere? Not sure what levels "Packet Authentication" supports; does it do 
sha256 and sha512? If not, can it?

Original issue reported on code.google.com by simpf...@gmail.com on 9 Dec 2013 at 9:35

GoogleCodeExporter commented 9 years ago
The Encryption cipher and packet authentication correspond to the --cipher and 
--auth values of OpenVPN, which are documented in the man page.

OpenVPN for Android supports all ciphers/digests of the OpenSSL library on 
Android. In particular, I am pretty sure that AES-512 is not a cipher in any 
OpenSSL version.

Original comment by arne@rfc2549.org on 9 Dec 2013 at 9:45

GoogleCodeExporter commented 9 years ago
Strange, yes, the standard openvpn on my server and desktop systems seems to go 
up to AES-256, but dd-wrt's seems to manage to go up to AES-512. Not sure how it 
manages this; I can't find many details about it.

# openvpn --show-ciphers
The following ciphers and cipher modes are available
for use with OpenVPN.  Each cipher shown below may be
used as a parameter to the --cipher option.  The default
key size is shown as well as whether or not it can be
changed with the --keysize directive.  Using a CBC mode
is recommended.

DES-CBC 64 bit default key (fixed)
RC2-CBC 128 bit default key (variable)
DES-EDE-CBC 128 bit default key (fixed)
DES-EDE3-CBC 192 bit default key (fixed)
DESX-CBC 192 bit default key (fixed)
BF-CBC 128 bit default key (variable)
RC2-40-CBC 40 bit default key (variable)
CAST5-CBC 128 bit default key (variable)
RC2-64-CBC 64 bit default key (variable)
AES-128-CBC 128 bit default key (fixed)
AES-192-CBC 192 bit default key (fixed)
AES-256-CBC 256 bit default key (fixed)
SEED-CBC 128 bit default key (fixed)
AES-512-CBC 512 bit default key (fixed)

Original comment by simpf...@gmail.com on 9 Dec 2013 at 11:25
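
One way to check a cipher name against a build's `openvpn --show-ciphers` listing before entering it in the "Encryption Cipher" field; this is an added example, not part of the thread or the project's code. The listing is a constructed sample in the format quoted above, and the function names and the case-insensitive name comparison are assumptions of the example.

```python
import re

# Constructed sample in the format of the `openvpn --show-ciphers` listing
# quoted in the thread: header prose, a blank line, then one cipher per line.
SAMPLE_LISTING = """\
The following ciphers and cipher modes are available
for use with OpenVPN.  Each cipher shown below may be
used as a parameter to the --cipher option.

DES-CBC 64 bit default key (fixed)
BF-CBC 128 bit default key (variable)
AES-128-CBC 128 bit default key (fixed)
AES-256-CBC 256 bit default key (fixed)
"""

# "<NAME> <N> bit default key (fixed|variable)"
LINE_RE = re.compile(r"^(\S+)\s+(\d+) bit default key \((fixed|variable)\)$")


def parse_show_ciphers(text):
    """Return {UPPERCASE name: (key bits, key size adjustable?)}; header prose is skipped."""
    ciphers = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ciphers[m.group(1).upper()] = (int(m.group(2)), m.group(3) == "variable")
    return ciphers


def check_cipher(requested, listing):
    """Check a --cipher value against one build's listing; returns (supported, detail)."""
    available = parse_show_ciphers(listing)
    if not available:
        raise ValueError("no cipher lines found; is this --show-ciphers output?")
    name = requested.strip().upper()  # assumption: compare names case-insensitively
    if name in available:
        bits, variable = available[name]
        return True, f"{name}: {bits} bit key ({'variable' if variable else 'fixed'})"
    # Not offered: list same-family ciphers from this build, smallest key first.
    family = name.split("-")[0]
    alts = sorted((n for n in available if n.split("-")[0] == family),
                  key=lambda n: available[n][0])
    return False, f"{name} not offered; same family: {', '.join(alts) or 'none'}"


if __name__ == "__main__":
    for candidate in ("aes-512-cbc", "AES-256-CBC"):
        print(check_cipher(candidate, SAMPLE_LISTING))
```

Run it against the listing from each endpoint (client and server), since the thread shows two builds reporting different cipher sets.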