Setting Xenial to wontfix since it did reach its end of standard support
period.
** Changed in: openvpn (Ubuntu Xenial)
Status: Confirmed => Won't Fix
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/b
In the upstream issue 673 [1].
Upstream removed some ciphers and ordered the others by preference.
That is fixed in >=Yakkety then.
@Seth - do you think we want/need to backport that change to Xenial?
[1]: https://community.openvpn.net/openvpn/ticket/673
** Bug watch added: community.openvpn.n
Wow, this is really depressing.
I don't know how openvpn does session key negotiation but unless they're
careful they may wind up exposing aes-256's 2^99-level-security related-
key attacks. aes-128 is probably fine for the control channel and
doesn't have the same related-key issues.
Thanks
--
The default of a 16.04<->16.04 connection still is:
Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048
bit RSA
In bug 156771
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: openvpn (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1379132
Title:
op
