Bug #7685

closed

OpenVPN Auth Digest Algorithm list contains entries that are functionally identical and thus redundant

Added by Jim Pingle over 7 years ago. Updated over 7 years ago.

Status: Resolved
Priority: Normal
Assignee:
Category: OpenVPN
Target version:
Start date: 07/10/2017
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version: All
Affected Architecture: All

Description

The way "openvpn --show-digests" works, it ends up listing several algorithms that are functionally equivalent, but some of the duplicate options do not work on other clients, which can be confusing for users.

For example, both RSA-SHA256 and SHA256 are in the list, but in this context openvpn only uses the SHA256 portion. Some clients can't use "RSA-SHA256" but can instead use "SHA256" and it works for both ends.

See https://security.stackexchange.com/questions/91908/using-rsa-sha-as-instead-hmac-in-openvpn and #7681
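An added illustration (not code from this ticket or from pfSense) of collapsing the redundant entries described above: it parses digest-list text and hides an `RSA-` prefixed name only when the bare digest is also listed. The `NAME <bits> bit digest size` line layout, the sample text, and the function names are assumptions made for the example.

```python
import re

# Constructed sample in the "NAME <bits> bit digest size" layout assumed for
# `openvpn --show-digests`; not captured from a real system.
SAMPLE = """\
The following message digests are available for use with OpenVPN.

MD5 128 bit digest size
RSA-MD5 128 bit digest size
SHA1 160 bit digest size
RSA-SHA1 160 bit digest size
RSA-SHA224 224 bit digest size
SHA256 256 bit digest size
RSA-SHA256 256 bit digest size
whirlpool 512 bit digest size
"""

DIGEST_LINE = re.compile(r"^(\S+)\s+(\d+)\s+bit digest size$")
# The ticket names only the RSA- form; pass other prefixes in if needed.
ALIAS_PREFIXES = ("RSA-",)


def parse_digests(text):
    """Return [(name, bits)] for digest lines, skipping banner and blank lines."""
    matches = (DIGEST_LINE.match(line.strip()) for line in text.splitlines())
    return [(m.group(1), int(m.group(2))) for m in matches if m]


def dedupe_digests(entries, prefixes=ALIAS_PREFIXES):
    """Split entries into names to offer and {alias: bare digest} to hide.

    A prefixed name is hidden only when the bare digest is itself listed with
    the same size, so no digest disappears from the list entirely.
    """
    listed = {(name.upper(), bits) for name, bits in entries}
    kept, hidden = [], {}
    for name, bits in entries:
        prefix = next((p for p in prefixes if name.upper().startswith(p.upper())), None)
        base = name[len(prefix):] if prefix else None
        if base and (base.upper(), bits) in listed:
            hidden[name] = base
        else:
            kept.append(name)
    return kept, hidden


if __name__ == "__main__":
    kept, hidden = dedupe_digests(parse_digests(SAMPLE))
    print("offer:", kept)
    print("hide: ", hidden)
```

In the constructed sample, `RSA-SHA224` stays in the list because no bare `SHA224` line accompanies it.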
