Is this a bug in OPENVPN ciphers?

[Deleted member 27741]

I have AES-128-CBC selected in rmerlin, when I connect to OPENVPN I get this (IP and date/time removed)-
openvpn[1840]: Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
openvpn[1840]: Data Channel Encrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
openvpn[1840]: Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
openvpn[1840]: Data Channel Decrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
openvpn[1840]: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA

Shouldn't the control channel be DHE-RSA-AES128-SHA?
When I add
tls-cipher TLS-DHE-RSA-WITH-AES-128-CBC-SHA
To the custom configuration commands, then I get this when I connect-

openvpn[4181]: Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
openvpn[4181]: Data Channel Encrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
openvpn[4181]: Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
openvpn[4181]: Data Channel Decrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
openvpn[4181]: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES128-SHA, 1024 bit RSA

Shouldn't the control channel have used AES128 in the first instance as well? What am I missing here?

 

[Deleted member 27741]

Still interested in knowing the answer to this. Why was the OPENVPN server using the AES-256 cipher when it was set to use the AES-128?

I am thinking there must be a facepalm kind of thing I don't know about here and someone knows it. Am I misinterpreting the logs?

 

[RMerlin]

They are two different things. The latter is only used for authentication, and uses a different type of cryptography.

A Google search provided this page as an explanation to the process:

http://vpnandusenetreviews.com/can-you-explain-openvpn-encryption

The control channel crypto is not specified by the router because it's determined based on the TLS handshake, while the cipher (what is controlable by the UI) must explicitely be set to be the same on both ends.

 

[Deleted member 27741]

I GET IT NOW! Is it just me, or is the documentation on this stuff lacking? Changing to AES-192 in the UI (and of course cipher AES-192 in ovpn file) gives this-

Data Channel Encrypt: Cipher 'AES-192-CBC' initialized with 192 bit key
Data Channel Encrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
Data Channel Decrypt: Cipher 'AES-192-CBC' initialized with 192 bit key
Data Channel Decrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES128-SHA, 1024 bit RSA

So, the value in the UI (and changing the value in the ovpn file) changes the data channel, and using tls-cipher changes the control channel. Good to know!

I initially got into using the tls-cipher command to shrink the list of available ciphers but ended using just one instead of citing a list. I think that using the command
tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA
will restrict the control channel to just that cipher, hardening attacks against weak ciphers.

So in the UI interface I now have AES-128 selected, and cipher AES-128 in the ovpn file.

In the custom configuration section of the router I have-
auth sha256
tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA

auth sha 256 to increase from the default of 128 bit hmac authentication and the tls-cipher command to restrict to one cipher, which works fine for my purposes.

A helpful hint for other prospective OPENVPN hardeners- use of the command
openvpn --show-tls
will give you a list of ciphers for the control channel, the (current) best of which available is the TLS-DHE-RSA-WITH-AES-256-CBC-SHA. At least, I can't get either of the top two ECDHE ciphers to work. Apparently that takes a bit of knowledge about certificates and such that I do not have.