Bug #6191

closed

OpenVPN AES-GCM

Added by Michael Schefczyk over 8 years ago. Updated over 8 years ago.

Status: Not a Bug
Priority: Normal
Assignee: -
Category: -
Target version: -
Start date: 04/17/2016
% Done: 0%

Description

When doing "openvpn --show-tls" in the shell of pfSense 2.3, it does post a long list including

TLS-DHE-RSA-WITH-AES-256-GCM-SHA384

It is also included in the output of openssl ciphers, but not included in the OpenVPN drop down menu, however.

That should be a good candidate for a super secure OpenVPN which should also be fast with AES-NI. Given the fact that you did include AES-NI support for AES-GCM in pfSense 2.3, this would be a logical next step.

Can this option be enabled, please?

Actions #1

Updated by Michael Schefczyk over 8 years ago

It is sometimes claimed that TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 would only be available from OpenVPN 2.4 onwards. This is not in line with OpenVPN's current documentation:

https://community.openvpn.net/openvpn/wiki/Hardening

Actions #2

Updated by Chris Buechler over 8 years ago

  • Status changed from New to Not a Bug

--show-tls is not the same thing as --show-ciphers. AES-GCM is not a supported cipher in currently-available OpenVPN releases. When it is, we'll have it available automatically.
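
The distinction drawn in the last reply, as an added example (not part of the ticket and not pfSense or OpenVPN code): `--show-tls` lists control-channel TLS suites for the `tls-cipher` directive, while `--show-ciphers` lists data-channel algorithms for the `cipher` directive. The `classify` function and the abridged sample outputs are constructed for illustration; it matches on the first field of each output line.

```shell
#!/bin/sh
# Constructed, abridged sample of `openvpn --show-tls` output.
SAMPLE_TLS='Available TLS Ciphers,
listed in order of preference:

TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
TLS-DHE-RSA-WITH-AES-256-CBC-SHA256
'

# Constructed, abridged sample of `openvpn --show-ciphers` output.
SAMPLE_CIPHERS='BF-CBC 128 bit default key (variable)
AES-128-CBC 128 bit default key (fixed)
AES-256-CBC 256 bit default key (fixed)
'

# has_name NAME TEXT: succeed if NAME is the first field of any line in TEXT.
has_name() {
    printf '%s\n' "$2" | awk -v n="$1" '$1 == n { found = 1 } END { exit !found }'
}

# classify NAME TLS_OUTPUT CIPHER_OUTPUT
# Prints the config directive that accepts NAME:
#   tls-cipher  - control channel only (listed by --show-tls)
#   cipher      - data channel only (listed by --show-ciphers)
#   both        - listed by both commands
#   unsupported - listed by neither
classify() {
    in_tls=no
    in_data=no
    has_name "$1" "$2" && in_tls=yes
    has_name "$1" "$3" && in_data=yes
    case "$in_tls/$in_data" in
        yes/yes) echo both ;;
        yes/no)  echo tls-cipher ;;
        no/yes)  echo cipher ;;
        *)       echo unsupported ;;
    esac
}

# Against an installed build:
#   classify AES-256-GCM "$(openvpn --show-tls)" "$(openvpn --show-ciphers)"
```

With the sample data, the TLS suite from the report is accepted only by `tls-cipher`, and `AES-256-GCM` is reported as unsupported because it appears in neither list.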
