Mageia Bugzilla – Attachment 10297 Details for
Bug 23286
openvpn new security issue CVE-2018-9336
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
Log In
[x]
|
New Account
|
Forgot Password
output from client execute
client (text/plain), 10.61 KB, created by
Brian Rockwell
on 2018-07-28 16:42:33 CEST
(
hide
)
Description:
output from client execute
Filename:
MIME Type:
Creator:
Brian Rockwell
Created:
2018-07-28 16:42:33 CEST
Size:
10.61 KB
patch
obsolete
>Sat Jul 28 09:35:12 2018 disabling NCP mode (--ncp-disable) because not in P2MP client or server mode >Sat Jul 28 09:35:12 2018 WARNING: file '/usr/share/openvpn/sample-keys/client.key' is group or others accessible >Sat Jul 28 09:35:12 2018 WARNING: file '/usr/share/openvpn/sample-keys/ta.key' is group or others accessible >Sat Jul 28 09:35:12 2018 OpenVPN 2.4.4 i586-mageia-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Jul 7 2018 >Sat Jul 28 09:35:12 2018 library versions: OpenSSL 1.0.2o 27 Mar 2018, LZO 2.09 >Sat Jul 28 09:35:12 2018 WARNING: --ping should normally be used with --ping-restart or --ping-exit >Sat Jul 28 09:35:12 2018 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication >Sat Jul 28 09:35:12 2018 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication >Sat Jul 28 09:35:12 2018 TCP/UDP: Preserving recently used remote address: [AF_INET6]::1:16000 >Sat Jul 28 09:35:12 2018 Socket Buffers: R=[163840->163840] S=[163840->163840] >Sat Jul 28 09:35:12 2018 setsockopt(IPV6_V6ONLY=0) >Sat Jul 28 09:35:12 2018 UDP link local (bound): [AF_INET6]::1:16001 >Sat Jul 28 09:35:12 2018 UDP link remote: [AF_INET6]::1:16000 >Sat Jul 28 09:35:12 2018 TLS: Initial packet from [AF_INET6]::1:16000, sid=87c07604 0836c2d4 >Sat Jul 28 09:35:12 2018 VERIFY OK: depth=1, C=KG, ST=NA, L=BISHKEK, O=OpenVPN-TEST, emailAddress=me@myhost.mydomain >Sat Jul 28 09:35:12 2018 VERIFY KU OK >Sat Jul 28 09:35:12 2018 Validating certificate extended key usage >Sat Jul 28 09:35:12 2018 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication >Sat Jul 28 09:35:12 2018 VERIFY EKU OK >Sat Jul 28 09:35:12 2018 VERIFY OK: depth=0, C=KG, ST=NA, O=OpenVPN-TEST, CN=Test-Server, emailAddress=me@myhost.mydomain >Sat Jul 28 09:35:12 2018 Outgoing Data Channel: Cipher 'BF-CBC' initialized with 128 bit key >Sat Jul 28 09:35:12 2018 WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC). >Sat Jul 28 09:35:12 2018 Outgoing Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication >Sat Jul 28 09:35:12 2018 Incoming Data Channel: Cipher 'BF-CBC' initialized with 128 bit key >Sat Jul 28 09:35:12 2018 WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC). >Sat Jul 28 09:35:12 2018 Incoming Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication >Sat Jul 28 09:35:12 2018 WARNING: cipher with small block size in use, reducing reneg-bytes to 64MB to mitigate SWEET32 attacks. >Sat Jul 28 09:35:12 2018 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA >Sat Jul 28 09:35:12 2018 [Test-Server] Peer Connection Initiated with [AF_INET6]::1:16000 >Sat Jul 28 09:35:13 2018 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this >Sat Jul 28 09:35:13 2018 Initialization Sequence Completed >Sat Jul 28 09:35:23 2018 TLS: soft reset sec=-1 bytes=998/67108864 pkts=19/0 >Sat Jul 28 09:35:23 2018 VERIFY OK: depth=1, C=KG, ST=NA, L=BISHKEK, O=OpenVPN-TEST, emailAddress=me@myhost.mydomain >Sat Jul 28 09:35:23 2018 VERIFY KU OK >Sat Jul 28 09:35:23 2018 Validating certificate extended key usage >Sat Jul 28 09:35:23 2018 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication >Sat Jul 28 09:35:23 2018 VERIFY EKU OK >Sat Jul 28 09:35:23 2018 VERIFY OK: depth=0, C=KG, ST=NA, O=OpenVPN-TEST, CN=Test-Server, emailAddress=me@myhost.mydomain >Sat Jul 28 09:35:23 2018 Outgoing Data Channel: Cipher 'BF-CBC' initialized with 128 bit key >Sat Jul 28 09:35:23 2018 WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC). >Sat Jul 28 09:35:23 2018 Outgoing Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication >Sat Jul 28 09:35:23 2018 Incoming Data Channel: Cipher 'BF-CBC' initialized with 128 bit key >Sat Jul 28 09:35:23 2018 WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC). >Sat Jul 28 09:35:23 2018 Incoming Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication >Sat Jul 28 09:35:23 2018 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA >Sat Jul 28 09:35:33 2018 TLS: soft reset sec=0 bytes=525/67108864 pkts=10/0 >Sat Jul 28 09:35:33 2018 VERIFY OK: depth=1, C=KG, ST=NA, L=BISHKEK, O=OpenVPN-TEST, emailAddress=me@myhost.mydomain >Sat Jul 28 09:35:33 2018 VERIFY KU OK >Sat Jul 28 09:35:33 2018 Validating certificate extended key usage >Sat Jul 28 09:35:33 2018 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication >Sat Jul 28 09:35:33 2018 VERIFY EKU OK >Sat Jul 28 09:35:33 2018 VERIFY OK: depth=0, C=KG, ST=NA, O=OpenVPN-TEST, CN=Test-Server, emailAddress=me@myhost.mydomain >Sat Jul 28 09:35:33 2018 Outgoing Data Channel: Cipher 'BF-CBC' initialized with 128 bit key >Sat Jul 28 09:35:33 2018 WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC). >Sat Jul 28 09:35:33 2018 Outgoing Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication >Sat Jul 28 09:35:33 2018 Incoming Data Channel: Cipher 'BF-CBC' initialized with 128 bit key >Sat Jul 28 09:35:33 2018 WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC). >Sat Jul 28 09:35:33 2018 Incoming Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication >Sat Jul 28 09:35:33 2018 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA >Sat Jul 28 09:35:43 2018 TLS: soft reset sec=0 bytes=578/67108864 pkts=11/0 >Sat Jul 28 09:35:43 2018 VERIFY OK: depth=1, C=KG, ST=NA, L=BISHKEK, O=OpenVPN-TEST, emailAddress=me@myhost.mydomain >Sat Jul 28 09:35:43 2018 VERIFY KU OK >Sat Jul 28 09:35:43 2018 Validating certificate extended key usage >Sat Jul 28 09:35:43 2018 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication >Sat Jul 28 09:35:43 2018 VERIFY EKU OK >Sat Jul 28 09:35:43 2018 VERIFY OK: depth=0, C=KG, ST=NA, O=OpenVPN-TEST, CN=Test-Server, emailAddress=me@myhost.mydomain >Sat Jul 28 09:35:43 2018 Outgoing Data Channel: Cipher 'BF-CBC' initialized with 128 bit key >Sat Jul 28 09:35:43 2018 WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC). >Sat Jul 28 09:35:43 2018 Outgoing Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication >Sat Jul 28 09:35:43 2018 Incoming Data Channel: Cipher 'BF-CBC' initialized with 128 bit key >Sat Jul 28 09:35:43 2018 WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC). >Sat Jul 28 09:35:43 2018 Incoming Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication >Sat Jul 28 09:35:43 2018 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA >Sat Jul 28 09:35:54 2018 TLS: soft reset sec=-1 bytes=630/67108864 pkts=12/0 >Sat Jul 28 09:35:54 2018 VERIFY OK: depth=1, C=KG, ST=NA, L=BISHKEK, O=OpenVPN-TEST, emailAddress=me@myhost.mydomain >Sat Jul 28 09:35:54 2018 VERIFY KU OK >Sat Jul 28 09:35:54 2018 Validating certificate extended key usage >Sat Jul 28 09:35:54 2018 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication >Sat Jul 28 09:35:54 2018 VERIFY EKU OK >Sat Jul 28 09:35:54 2018 VERIFY OK: depth=0, C=KG, ST=NA, O=OpenVPN-TEST, CN=Test-Server, emailAddress=me@myhost.mydomain >Sat Jul 28 09:35:54 2018 Outgoing Data Channel: Cipher 'BF-CBC' initialized with 128 bit key >Sat Jul 28 09:35:54 2018 WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC). >Sat Jul 28 09:35:54 2018 Outgoing Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication >Sat Jul 28 09:35:54 2018 Incoming Data Channel: Cipher 'BF-CBC' initialized with 128 bit key >Sat Jul 28 09:35:54 2018 WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC). >Sat Jul 28 09:35:54 2018 Incoming Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication >Sat Jul 28 09:35:54 2018 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA >Sat Jul 28 09:36:04 2018 TLS: soft reset sec=0 bytes=473/67108864 pkts=9/0 >Sat Jul 28 09:36:04 2018 VERIFY OK: depth=1, C=KG, ST=NA, L=BISHKEK, O=OpenVPN-TEST, emailAddress=me@myhost.mydomain >Sat Jul 28 09:36:04 2018 VERIFY KU OK >Sat Jul 28 09:36:04 2018 Validating certificate extended key usage >Sat Jul 28 09:36:04 2018 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication >Sat Jul 28 09:36:04 2018 VERIFY EKU OK >Sat Jul 28 09:36:04 2018 VERIFY OK: depth=0, C=KG, ST=NA, O=OpenVPN-TEST, CN=Test-Server, emailAddress=me@myhost.mydomain >Sat Jul 28 09:36:04 2018 Outgoing Data Channel: Cipher 'BF-CBC' initialized with 128 bit key >Sat Jul 28 09:36:04 2018 WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC). >Sat Jul 28 09:36:04 2018 Outgoing Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication >Sat Jul 28 09:36:04 2018 Incoming Data Channel: Cipher 'BF-CBC' initialized with 128 bit key >Sat Jul 28 09:36:04 2018 WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC). >Sat Jul 28 09:36:04 2018 Incoming Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication >Sat Jul 28 09:36:04 2018 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA >Sat Jul 28 09:36:12 2018 event_wait : Interrupted system call (code=4) >Sat Jul 28 09:36:12 2018 Closing TUN/TAP interface >Sat Jul 28 09:36:12 2018 SIGINT[hard,] received, process exiting
Sat Jul 28 09:35:12 2018 disabling NCP mode (--ncp-disable) because not in P2MP client or server mode Sat Jul 28 09:35:12 2018 WARNING: file '/usr/share/openvpn/sample-keys/client.key' is group or others accessible Sat Jul 28 09:35:12 2018 WARNING: file '/usr/share/openvpn/sample-keys/ta.key' is group or others accessible Sat Jul 28 09:35:12 2018 OpenVPN 2.4.4 i586-mageia-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Jul 7 2018 Sat Jul 28 09:35:12 2018 library versions: OpenSSL 1.0.2o 27 Mar 2018, LZO 2.09 Sat Jul 28 09:35:12 2018 WARNING: --ping should normally be used with --ping-restart or --ping-exit Sat Jul 28 09:35:12 2018 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication Sat Jul 28 09:35:12 2018 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication Sat Jul 28 09:35:12 2018 TCP/UDP: Preserving recently used remote address: [AF_INET6]::1:16000 Sat Jul 28 09:35:12 2018 Socket Buffers: R=[163840->163840] S=[163840->163840] Sat Jul 28 09:35:12 2018 setsockopt(IPV6_V6ONLY=0) Sat Jul 28 09:35:12 2018 UDP link local (bound): [AF_INET6]::1:16001 Sat Jul 28 09:35:12 2018 UDP link remote: [AF_INET6]::1:16000 Sat Jul 28 09:35:12 2018 TLS: Initial packet from [AF_INET6]::1:16000, sid=87c07604 0836c2d4 Sat Jul 28 09:35:12 2018 VERIFY OK: depth=1, C=KG, ST=NA, L=BISHKEK, O=OpenVPN-TEST, emailAddress=me@myhost.mydomain Sat Jul 28 09:35:12 2018 VERIFY KU OK Sat Jul 28 09:35:12 2018 Validating certificate extended key usage Sat Jul 28 09:35:12 2018 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication Sat Jul 28 09:35:12 2018 VERIFY EKU OK Sat Jul 28 09:35:12 2018 VERIFY OK: depth=0, C=KG, ST=NA, O=OpenVPN-TEST, CN=Test-Server, emailAddress=me@myhost.mydomain Sat Jul 28 09:35:12 2018 Outgoing Data Channel: Cipher 'BF-CBC' initialized with 128 bit key Sat Jul 28 09:35:12 2018 WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC). Sat Jul 28 09:35:12 2018 Outgoing Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication Sat Jul 28 09:35:12 2018 Incoming Data Channel: Cipher 'BF-CBC' initialized with 128 bit key Sat Jul 28 09:35:12 2018 WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC). Sat Jul 28 09:35:12 2018 Incoming Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication Sat Jul 28 09:35:12 2018 WARNING: cipher with small block size in use, reducing reneg-bytes to 64MB to mitigate SWEET32 attacks. Sat Jul 28 09:35:12 2018 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA Sat Jul 28 09:35:12 2018 [Test-Server] Peer Connection Initiated with [AF_INET6]::1:16000 Sat Jul 28 09:35:13 2018 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this Sat Jul 28 09:35:13 2018 Initialization Sequence Completed Sat Jul 28 09:35:23 2018 TLS: soft reset sec=-1 bytes=998/67108864 pkts=19/0 Sat Jul 28 09:35:23 2018 VERIFY OK: depth=1, C=KG, ST=NA, L=BISHKEK, O=OpenVPN-TEST, emailAddress=me@myhost.mydomain Sat Jul 28 09:35:23 2018 VERIFY KU OK Sat Jul 28 09:35:23 2018 Validating certificate extended key usage Sat Jul 28 09:35:23 2018 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication Sat Jul 28 09:35:23 2018 VERIFY EKU OK Sat Jul 28 09:35:23 2018 VERIFY OK: depth=0, C=KG, ST=NA, O=OpenVPN-TEST, CN=Test-Server, emailAddress=me@myhost.mydomain Sat Jul 28 09:35:23 2018 Outgoing Data Channel: Cipher 'BF-CBC' initialized with 128 bit key Sat Jul 28 09:35:23 2018 WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC). Sat Jul 28 09:35:23 2018 Outgoing Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication Sat Jul 28 09:35:23 2018 Incoming Data Channel: Cipher 'BF-CBC' initialized with 128 bit key Sat Jul 28 09:35:23 2018 WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC). Sat Jul 28 09:35:23 2018 Incoming Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication Sat Jul 28 09:35:23 2018 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA Sat Jul 28 09:35:33 2018 TLS: soft reset sec=0 bytes=525/67108864 pkts=10/0 Sat Jul 28 09:35:33 2018 VERIFY OK: depth=1, C=KG, ST=NA, L=BISHKEK, O=OpenVPN-TEST, emailAddress=me@myhost.mydomain Sat Jul 28 09:35:33 2018 VERIFY KU OK Sat Jul 28 09:35:33 2018 Validating certificate extended key usage Sat Jul 28 09:35:33 2018 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication Sat Jul 28 09:35:33 2018 VERIFY EKU OK Sat Jul 28 09:35:33 2018 VERIFY OK: depth=0, C=KG, ST=NA, O=OpenVPN-TEST, CN=Test-Server, emailAddress=me@myhost.mydomain Sat Jul 28 09:35:33 2018 Outgoing Data Channel: Cipher 'BF-CBC' initialized with 128 bit key Sat Jul 28 09:35:33 2018 WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC). Sat Jul 28 09:35:33 2018 Outgoing Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication Sat Jul 28 09:35:33 2018 Incoming Data Channel: Cipher 'BF-CBC' initialized with 128 bit key Sat Jul 28 09:35:33 2018 WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC). Sat Jul 28 09:35:33 2018 Incoming Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication Sat Jul 28 09:35:33 2018 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA Sat Jul 28 09:35:43 2018 TLS: soft reset sec=0 bytes=578/67108864 pkts=11/0 Sat Jul 28 09:35:43 2018 VERIFY OK: depth=1, C=KG, ST=NA, L=BISHKEK, O=OpenVPN-TEST, emailAddress=me@myhost.mydomain Sat Jul 28 09:35:43 2018 VERIFY KU OK Sat Jul 28 09:35:43 2018 Validating certificate extended key usage Sat Jul 28 09:35:43 2018 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication Sat Jul 28 09:35:43 2018 VERIFY EKU OK Sat Jul 28 09:35:43 2018 VERIFY OK: depth=0, C=KG, ST=NA, O=OpenVPN-TEST, CN=Test-Server, emailAddress=me@myhost.mydomain Sat Jul 28 09:35:43 2018 Outgoing Data Channel: Cipher 'BF-CBC' initialized with 128 bit key Sat Jul 28 09:35:43 2018 WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC). Sat Jul 28 09:35:43 2018 Outgoing Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication Sat Jul 28 09:35:43 2018 Incoming Data Channel: Cipher 'BF-CBC' initialized with 128 bit key Sat Jul 28 09:35:43 2018 WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC). Sat Jul 28 09:35:43 2018 Incoming Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication Sat Jul 28 09:35:43 2018 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA Sat Jul 28 09:35:54 2018 TLS: soft reset sec=-1 bytes=630/67108864 pkts=12/0 Sat Jul 28 09:35:54 2018 VERIFY OK: depth=1, C=KG, ST=NA, L=BISHKEK, O=OpenVPN-TEST, emailAddress=me@myhost.mydomain Sat Jul 28 09:35:54 2018 VERIFY KU OK Sat Jul 28 09:35:54 2018 Validating certificate extended key usage Sat Jul 28 09:35:54 2018 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication Sat Jul 28 09:35:54 2018 VERIFY EKU OK Sat Jul 28 09:35:54 2018 VERIFY OK: depth=0, C=KG, ST=NA, O=OpenVPN-TEST, CN=Test-Server, emailAddress=me@myhost.mydomain Sat Jul 28 09:35:54 2018 Outgoing Data Channel: Cipher 'BF-CBC' initialized with 128 bit key Sat Jul 28 09:35:54 2018 WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC). Sat Jul 28 09:35:54 2018 Outgoing Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication Sat Jul 28 09:35:54 2018 Incoming Data Channel: Cipher 'BF-CBC' initialized with 128 bit key Sat Jul 28 09:35:54 2018 WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC). Sat Jul 28 09:35:54 2018 Incoming Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication Sat Jul 28 09:35:54 2018 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA Sat Jul 28 09:36:04 2018 TLS: soft reset sec=0 bytes=473/67108864 pkts=9/0 Sat Jul 28 09:36:04 2018 VERIFY OK: depth=1, C=KG, ST=NA, L=BISHKEK, O=OpenVPN-TEST, emailAddress=me@myhost.mydomain Sat Jul 28 09:36:04 2018 VERIFY KU OK Sat Jul 28 09:36:04 2018 Validating certificate extended key usage Sat Jul 28 09:36:04 2018 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication Sat Jul 28 09:36:04 2018 VERIFY EKU OK Sat Jul 28 09:36:04 2018 VERIFY OK: depth=0, C=KG, ST=NA, O=OpenVPN-TEST, CN=Test-Server, emailAddress=me@myhost.mydomain Sat Jul 28 09:36:04 2018 Outgoing Data Channel: Cipher 'BF-CBC' initialized with 128 bit key Sat Jul 28 09:36:04 2018 WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC). Sat Jul 28 09:36:04 2018 Outgoing Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication Sat Jul 28 09:36:04 2018 Incoming Data Channel: Cipher 'BF-CBC' initialized with 128 bit key Sat Jul 28 09:36:04 2018 WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC). Sat Jul 28 09:36:04 2018 Incoming Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication Sat Jul 28 09:36:04 2018 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA Sat Jul 28 09:36:12 2018 event_wait : Interrupted system call (code=4) Sat Jul 28 09:36:12 2018 Closing TUN/TAP interface Sat Jul 28 09:36:12 2018 SIGINT[hard,] received, process exiting
View Attachment As Raw
Actions:
View
Attachments on
bug 23286
:
10296
| 10297