You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The default cipher allows an attack called SWEET32 , Recommended to use AES-256-CBC.!
You can look at client Log to see the same recomendation ;) i will list mine below..!!
Tue Oct 10 16:03:43 2017 WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
Tue Oct 10 16:03:43 2017 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Oct 10 16:03:43 2017 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Oct 10 16:03:43 2017 WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
Tue Oct 10 16:03:43 2017 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Oct 10 16:03:43 2017 WARNING: cipher with small block size in use, reducing reneg-bytes to 64MB to mitigate SWEET32 attacks.
Tue Oct 10 16:03:43 2017 interactive service msg_channel=776
Tue Oct 10 16:03:43 2017 open_tun
Tue Oct 10 16:03:43 2017 TAP-WIN32 device [Ethernet 2] opened: \.\Global{3F7CD79B-4334-40C2-8848-361FAD70394F}.tap
Tue Oct 10 16:03:43 2017 TAP-Windows Driver Version 9.21
Tue Oct 10 16:21:42 2017 WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
The text was updated successfully, but these errors were encountered:
Hello Cad,
The default cipher allows an attack called SWEET32 , Recommended to use AES-256-CBC.!
You can look at client Log to see the same recomendation ;) i will list mine below..!!
Tue Oct 10 16:03:43 2017 WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
Tue Oct 10 16:03:43 2017 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Oct 10 16:03:43 2017 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Oct 10 16:03:43 2017 WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
Tue Oct 10 16:03:43 2017 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Oct 10 16:03:43 2017 WARNING: cipher with small block size in use, reducing reneg-bytes to 64MB to mitigate SWEET32 attacks.
Tue Oct 10 16:03:43 2017 interactive service msg_channel=776
Tue Oct 10 16:03:43 2017 open_tun
Tue Oct 10 16:03:43 2017 TAP-WIN32 device [Ethernet 2] opened: \.\Global{3F7CD79B-4334-40C2-8848-361FAD70394F}.tap
Tue Oct 10 16:03:43 2017 TAP-Windows Driver Version 9.21
Tue Oct 10 16:21:42 2017 WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
The text was updated successfully, but these errors were encountered: