From patchwork Tue Feb 22 01:14:39 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Frank Lichtenheld X-Patchwork-Id: 2310 Return-Path: Delivered-To: patchwork@openvpn.net Delivered-To: patchwork@openvpn.net Received: from director9.mail.ord1d.rsapps.net ([172.30.191.6]) by backend41.mail.ord1d.rsapps.net with LMTP id jwMGGPjTFGKwIgAAqwncew (envelope-from ) for ; Tue, 22 Feb 2022 07:15:52 -0500 Received: from proxy5.mail.ord1d.rsapps.net ([172.30.191.6]) by director9.mail.ord1d.rsapps.net with LMTP id wJcSLPjTFGKqYwAAalYnBA (envelope-from ) for ; Tue, 22 Feb 2022 07:15:52 -0500 Received: from smtp35.gate.ord1d ([172.30.191.6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by proxy5.mail.ord1d.rsapps.net with LMTPS id 4K8bLPjTFGI3SgAA8Zzt7w (envelope-from ) for ; Tue, 22 Feb 2022 07:15:52 -0500 X-Spam-Threshold: 95 X-Spam-Score: 0 X-Spam-Flag: NO X-Virus-Scanned: OK X-Orig-To: openvpnslackdevel@openvpn.net X-Originating-Ip: [216.105.38.7] Authentication-Results: smtp35.gate.ord1d.rsapps.net; iprev=pass policy.iprev="216.105.38.7"; spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net" smtp.helo="lists.sourceforge.net"; dkim=fail (signature verification failed) header.d=sourceforge.net; dkim=fail (signature verification failed) header.d=sf.net; dmarc=none (p=nil; dis=none) header.from=lichtenheld.com X-Suspicious-Flag: YES X-Classification-ID: 2cf7f3fa-93d9-11ec-a9be-525400a7b7b4-1-1 Received: from [216.105.38.7] ([216.105.38.7:48814] helo=lists.sourceforge.net) by smtp35.gate.ord1d.rsapps.net (envelope-from ) (ecelerity 4.2.38.62370 r(:)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384) id 14/75-19503-7F3D4126; Tue, 22 Feb 2022 07:15:52 -0500 Received: from [127.0.0.1] (helo=sfs-ml-1.v29.lw.sourceforge.com) by sfs-ml-1.v29.lw.sourceforge.com with esmtp (Exim 4.94.2) (envelope-from ) id 1nMU4K-0007QW-0v; Tue, 22 Feb 2022 12:14:58 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-1.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1nMU4J-0007QL-H6 for openvpn-devel@lists.sourceforge.net; Tue, 22 Feb 2022 12:14:58 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=HH8VnfcopuW9/QT/mDb3snWeL9kVB974wsyDanj6Nzw=; b=JTH8zlnr5w1xOOd2JduzF1rCGb 1dzrLkdpHqC2xgvVUQly1hEE+5L/iQLICzWo7YJd8GO/ITZ3C7cOfsiXxCqkvEJnQxL5SagYjn9VO vq49d+5eRXkuhFlLWkHmqGAXLqYhxL19RetCAl3orptuoL+uYtWYiH8TjTyYPZH/ZtZc=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-Id: Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=HH8VnfcopuW9/QT/mDb3snWeL9kVB974wsyDanj6Nzw=; b=VZRvcvJOF4+mqD1YqiZCL+jjMq fb3fhNUzV7bcwAmK5xphH5bH69MhLb2p4iWddiXZki6Ok1+cL4mCpt8KSpcK1H+RCdD5rlxAexXiG K8+bpi3RlbqTHBHRgEgVkLQiBii7aF4H1mn48eAGGzSsnPY8+Nl5oArrtGRhi4MscIAQ=; Received: from mout-p-201.mailbox.org ([80.241.56.171]) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.94.2) id 1nMU4G-0002xm-7n for openvpn-devel@lists.sourceforge.net; Tue, 22 Feb 2022 12:14:57 +0000 Received: from smtp102.mailbox.org (smtp102.mailbox.org [80.241.60.233]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-384) server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mout-p-201.mailbox.org (Postfix) with ESMTPS id 4K2yln2bRLz9sV2; Tue, 22 Feb 2022 13:14:45 +0100 (CET) From: Frank Lichtenheld To: openvpn-devel@lists.sourceforge.net Date: Tue, 22 Feb 2022 13:14:39 +0100 Message-Id: <20220222121439.1260-1-frank@lichtenheld.com> In-Reply-To: <20220221111933.1314-1-frank@lichtenheld.com> References: <20220221111933.1314-1-frank@lichtenheld.com> MIME-Version: 1.0 X-Spam-Report: Spam detection software, running on the system "util-spamd-1.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: - Fix various formatting inconsistencies - Remove outdated (as of 2.6) information from --data-ciphers and instead add a link to cipher negotiation chapter. - Some drive-by fixes in related code comme [...] Content analysis details: (-0.7 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.7 RCVD_IN_DNSWL_LOW RBL: Sender listed at https://www.dnswl.org/, low trust [80.241.56.171 listed in list.dnswl.org] -0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) [80.241.56.171 listed in wl.mailspike.net] 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.0 SPF_NONE SPF: sender does not publish an SPF Record X-Headers-End: 1nMU4G-0002xm-7n Subject: [Openvpn-devel] [PATCH v2] doc: cleanup for --data-ciphers and related X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox - Fix various formatting inconsistencies - Remove outdated (as of 2.6) information from --data-ciphers and instead add a link to cipher negotiation chapter. - Some drive-by fixes in related code comments and log messages as I was reading them. Cc: Arne Schwabe Signed-off-by: Frank Lichtenheld --- doc/man-sections/cipher-negotiation.rst | 8 ++--- doc/man-sections/protocol-options.rst | 40 +++++++++++-------------- src/openvpn/options.c | 16 +++++----- 3 files changed, 29 insertions(+), 35 deletions(-) v2: - rip out outdated documentation from --data-cipers - add link to cipher negotiations documentation instead - some comment and message fixes in the code as I was going through it to understand it. - avoid any mention of NCP except as the names of the old options. Removed explanation of what NCP stands for again as should now not be required anymore. diff --git a/doc/man-sections/cipher-negotiation.rst b/doc/man-sections/cipher-negotiation.rst index 9bcaed0a..fad07480 100644 --- a/doc/man-sections/cipher-negotiation.rst +++ b/doc/man-sections/cipher-negotiation.rst @@ -34,7 +34,7 @@ mode and does not have ``--ncp-disable`` will always announce support for This only causes a problem if ``--ncp-ciphers`` option has been changed from the default of :code:`AES-256-GCM:AES-128-GCM` to a value that does not include -these two ciphers. When a OpenVPN servers try to use `AES-256-GCM` or +these two ciphers. When a OpenVPN server tries to use `AES-256-GCM` or `AES-128-GCM` the connection will then fail. It is therefore recommended to always have the `AES-256-GCM` and `AES-128-GCM` ciphers to the ``--ncp-ciphers`` options to avoid this behaviour. @@ -84,15 +84,15 @@ support. If the server is 2.3 or older and has been configured with the ``--enable-small`` :code:`./configure` argument, adding -``data-ciphers-fallback cipher`` to the client config with the explicit +``--data-ciphers-fallback cipher`` to the client config with the explicit cipher used by the server is necessary. Blowfish in CBC mode (BF-CBC) deprecation ------------------------------------------ -The ``--cipher`` option defaulted to ``BF-CBC`` in OpenVPN 2.4 and older +The ``--cipher`` option defaulted to `BF-CBC` in OpenVPN 2.4 and older version. The default was never changed to ensure backwards compatibility. In OpenVPN 2.5 this behaviour has now been changed so that if the ``--cipher`` -is not explicitly set it does not allow the weak ``BF-CBC`` cipher any more +is not explicitly set it does not allow the weak `BF-CBC` cipher any more and needs to explicitly added as ``--cipher BFC-CBC`` or added to ``--data-ciphers``. diff --git a/doc/man-sections/protocol-options.rst b/doc/man-sections/protocol-options.rst index 1c6b1200..d52da185 100644 --- a/doc/man-sections/protocol-options.rst +++ b/doc/man-sections/protocol-options.rst @@ -73,7 +73,7 @@ configured in a compatible way between both the local and remote side. Starting with 2.6.0, this option is always ignored in TLS mode when it comes to configuring the cipher and will only control the cipher for ``--secret`` pre-shared-key mode (note: this mode is - deprecated strictly not recommended). + deprecated and strictly not recommended). If you wish to specify the cipher to use on the data channel, please see ``--data-ciphers`` (for regular negotiation) and @@ -87,8 +87,8 @@ configured in a compatible way between both the local and remote side. Set ``alg`` to :code:`none` to disable encryption. --compress algorithm - **DEPRECATED** Enable a compression algorithm. Compression is generally - not recommended. VPN tunnels which use compression are susceptible to + **DEPRECATED** Enable a compression algorithm. Compression is generally + not recommended. VPN tunnels which use compression are susceptible to the VORALCE attack vector. See also the :code:`migrate` parameter below. The ``algorithm`` parameter may be :code:`lzo`, :code:`lz4`, @@ -193,6 +193,10 @@ configured in a compatible way between both the local and remote side. supported by the client will be pushed to clients that support cipher negotiation. + For more details see the chapter on `Data channel cipher negotiation`_. + *Especially* if you need to support clients with OpenVPN versions older + than 2.5! + Starting with OpenVPN 2.6 a cipher can be prefixed with a :code:`?` to mark it as optional. This allows including ciphers in the list that may not be available on all platforms. @@ -201,25 +205,16 @@ configured in a compatible way between both the local and remote side. supports it. Cipher negotiation is enabled in client-server mode only. I.e. if - ``--mode`` is set to 'server' (server-side, implied by setting + ``--mode`` is set to `server` (server-side, implied by setting ``--server`` ), or if ``--pull`` is specified (client-side, implied by - setting --client). + setting ``--client``). If no common cipher is found during cipher negotiation, the connection is terminated. To support old clients/old servers that do not provide any cipher negotiation support see ``--data-ciphers-fallback``. - Additionally, to allow for more smooth transition, if NCP is enabled, - OpenVPN will inherit the cipher of the peer if that cipher is different - from the local ``--cipher`` setting, but the peer cipher is one of the - ciphers specified in ``--data-ciphers``. E.g. a non-NCP client (<=v2.3, - or with --ncp-disabled set) connecting to a NCP server (v2.4+) with - ``--cipher BF-CBC`` and ``--data-ciphers AES-256-GCM:AES-256-CBC`` set can - either specify ``--cipher BF-CBC`` or ``--cipher AES-256-CBC`` and both - will work. - - Note for using NCP with an OpenVPN 2.4 peer: This list must include the - :code:`AES-256-GCM` and :code:`AES-128-GCM` ciphers. + If ``--compat-mode`` is set to a version older than 2.5.0 ``--cipher`` + will be appended to ``--data-ciphers`` if not already present. This list is restricted to be 127 chars long after conversion to OpenVPN ciphers. @@ -228,14 +223,13 @@ configured in a compatible way between both the local and remote side. to ``--data-ciphers`` in OpenVPN 2.5 to more accurately reflect its meaning. --data-ciphers-fallback alg + Configure a cipher that is used to fall back to if we could not determine + which cipher the peer is willing to use. - Configure a cipher that is used to fall back to if we could not determine - which cipher the peer is willing to use. - - This option should only be needed to - connect to peers that are running OpenVPN 2.3 and older version, and - have been configured with `--enable-small` - (typically used on routers or other embedded devices). + This option should only be needed to + connect to peers that are running OpenVPN 2.3 or older versions, and + have been configured with ``--enable-small`` + (typically used on routers or other embedded devices). --secret args **DEPRECATED** Enable Static Key encryption mode (non-TLS). Use pre-shared secret diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 7ce0ba61..075aad65 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -3141,7 +3141,7 @@ options_postprocess_cipher(struct options *o) msg(M_INFO, "Note: --cipher is not set. OpenVPN versions before 2.5 " "defaulted to BF-CBC as fallback when cipher negotiation " "failed in this case. If you need this fallback please add " - "'--data-ciphers-fallback 'BF-CBC' to your configuration " + "'--data-ciphers-fallback BF-CBC' to your configuration " "and/or add BF-CBC to --data-ciphers."); } else if (!o->enable_ncp_fallback @@ -3155,13 +3155,13 @@ options_postprocess_cipher(struct options *o) } /** - * The option --compat-mode is used to set up default settings to values + * The option --compat-mode is used to set up default settings to values * used on the specified openvpn version and earlier. * * This function is used in various "default option" paths to test if the * user requested compatibility with a version before the one specified - * as argument. This way some default settings can be automatically - * altered to guarantee compatibility with the version specified by the + * as argument. This way some default settings can be automatically + * altered to guarantee compatibility with the version specified by the * user via --compat-mode. * * @param version need compatibility with openvpn versions before the @@ -3219,11 +3219,11 @@ options_set_backwards_compatible_options(struct options *o) } /* Versions < 2.5.0 do need --cipher in the list of accepted ciphers. - * Version 2.4 might probably does not need it but NCP was not so + * Version 2.4 probably does not need it but NCP was not so * good with 2.4 and ncp-disable might be more common on 2.4 peers. - * Only do this iif --cipher is not explicitly (BF-CBC). This is not - * 100% correct backwards compatible behaviour but 2.5 already behaved like - * this */ + * Only do this if --cipher is set explicitly (or compat mode is + * < 2.4.0, see above). This is not 100% correct backwards compatible + * behaviour but 2.5 already behaved like this */ if (o->ciphername && need_compatibility_before(o, 20500) && !tls_item_in_cipher_list(o->ciphername, o->ncp_ciphers)) {