Client configuration cipher specification
I created client configuration using ovs build-generic-client
and
loaded it with OpenVPN 2.4.7 on OpenBSD 6.6.
The client had cipher AES-256
specified. The server only allowed
BF-CBC. I ended up removing the cipher
line from the client config
file and the VPN connected ok; the normal TLS cipher negotiation in
the handshake worked as it should.
Should generated client configuration specify just 1 cipher, or any ciphers at all?
Here are 2 possible fixes:
Simply do not specify a cipher on the client at all, and rely on cipher negotiation in the TLS handshake. In sol1 internal chat it was mentioned that this may open clients up to downgrade attacks. That's true in general in TLS. But using openvpn-server means we are in total control of the server. If restricting the set of available ciphers is desired, then that could just be done on the server to significantly simply administration.
Another is to ensure that the clients can only built specifying ciphers that the server supports. This may mean something like parsing the openvpn server configuration file before generating clients. A later change of cipher on the server means client configuration must be modified.