Todo #14686


Check for deprecated OpenVPN encryption and digest options on upgrade

Added by Jim Pingle 8 months ago. Updated 6 months ago.

Target version:
Start date:
Due date:
% Done:


Estimated time:
Plus Target Version:
Release Notes:


OpenSSL 3.x deprecated several algorithms for encryption and digest.

Encryption algorithms removed from OpenVPN:

  • ARIA
  • Blowfish (e.g. BF-CBC), which was formerly an OpenVPN default
  • CAST5
  • DES
  • DESX
  • IDEA
  • RC2
  • RC5
  • SEED
  • SM4

Hash algorithms removed from OpenVPN:

  • MD4
  • MDC2
  • SM3
  • Whirlpool

On upgrade these should be removed and replaced with a stronger default.

Deprecated encryption options should be removed and replaced with valid options. In the interest of compatibility, we can replace these with the current recommended defaults, rather than disabling the tunnel and forcing the user to correct the options manually.

If there are no valid ciphers remaining in the data_ciphers list, replace it with AES-256-GCM,AES-128-GCM,CHACHA20-POLY1305

If data_ciphers_fallback is using a deprecated value, replace it with AES-256-CBC

If digest is using an invalid value, replace it with SHA256

Notify the user if any changes are made, similar to what was done for IPsec in the past (See upgrade_227_to_228())

We also need to check if the certificate is using a weak digest but that's in issue #14677 though it may be lumped into the same upgrade code function.

N.B. Though in theory using the legacy provider may allow these weak algorithms to function, it's past time to retire them and if someone wants to dig into doing that in custom options, that's left as an exercise for the reader. We shouldn't add support for that into the GUI or backend.


Actions #1

Updated by Jim Pingle 8 months ago

  • Status changed from New to Feedback
  • % Done changed from 0 to 100
Actions #2

Updated by Jim Pingle 8 months ago

  • Subject changed from Check for usage of deprecated options on upgrade to builds with OpenSSL 3.x to Check for deprecated OpenVPN encryption and digest options on upgrade

Updating subject for release notes.

Actions #3

Updated by Chris W 8 months ago

I used the wizard to make an OpenVPN server in 23.05, then manually:
- Confirmed all the algorithm choices listed above were available.
- Added ARIA 128 CBC to the Allowed Data Encryption Algorithm box and removed the default AES-GCM and CHACHA/POLY lines.
- Set auth digest to MD4
- Set fallback to BF-CBC-128

After upgrading directly to:
23.09-DEVELOPMENT (amd64)
built on Sat Aug 26 17:37:15 UTC 2023
FreeBSD 14.0-ALPHA2

- The deprecated choices above weren't available anymore, however DES-ED and DES-EDE were still available (screenshots). Not sure if that's intended.
- Algorithms were set back to the defaults of:
- Allowed Data Encryption Algorithm: AES-256-GCM, AES-256-GCM, and CHACHA20-POLY1305
- Fallback Data Encryption Algorithm: AES-256-CBC
- Auth digest algorithm: SHA256

Actions #4

Updated by Jim Pingle 8 months ago

  • Status changed from Feedback to Resolved

The list of current algorithms is pulled dynamically from OpenVPN/OpenSSL, so if it's in the list on a current snapshot it's still supported (for now).

So long as the other behavior is correct, which it appears to be, I think we're in good shape here. Closing this out for now, if someone hits an issue we can either reopen it or treat it separately.

Actions #5

Updated by Jim Pingle 6 months ago

  • Target version changed from 2.8.0 to 2.7.1

Also available in: Atom PDF