McLean IT Consulting

WORRY FREE IT SUPPORT

Call Us: 250-412-5050
  • About
  • Services
    • IT Infrastructure Design
    • Remote & Onsite IT Support
    • Disaster Recovery
    • IT System Monitoring
    • IT Audit
    • Documentation
    • Medical IT Solutions
    • Wireless Networks
    • Cloud Computing
    • Virtualization
  • Partners
    • Lenovo
    • Ubiquiti Networks
    • Dragon Medical Practice Edition (Nuance)
    • Synology
    • Drobo
    • Adobe
    • Bitdefender
    • NAKIVO
  • Contact
  • Blog
  • Remote Support

PSA: SWEET32 vulnerability in OpenVPN

December 8, 2016 By Andrew McLean Leave a Comment

According to a security release by OpenVPN back in August, OpenVPN is vulnerable to attack on 64-bit block ciphers, such as 3DES and Blowfish — the latter being the default cipher enabled by OpenVPN.

Synology users should also pay particular attention here since the service does not allow for choosing a cipher within the UI — users will be forced to turn to SSH to configure the service by command-line.

The gist of the security release is that BF-*, DES* (including 3DES variants), and RC2-* ciphers should no longer be used, and AES-*, CAMELLIA-*, or SEED-* should be used instead. Personally I would recommend AES-192 or AES-256 since they are considered secure enough government information classified “Top Secret”.

On a Synology box the configuration file is here:
/usr/syno/etc/packages/VPNCenter/openvpn/openvpn.conf

If you see a line that starts with “cipher” (without quotes), check to see which cipher it is using, and if necessary, swap it out for a more secure one.

Example:
cipher AES-256-CBC

It doesn’t really matter where you put this line.

Remember to also make an identical change to the client-side OpenVPN configuration. In my case I can edit the “Advanced” tab in my VPN settings of Viscosity. In the window there I can just put the same line of code to enable AES-256-CBC encryption/decryption.

Filed Under: Technology

Leave a Reply Cancel reply

You must be logged in to post a comment.

Contact Us

McLean IT Consulting Inc.
Serving Greater Victoria

P: 250-412-5050
E: info@mcleanit.ca
C: 250-514-2639

Featured Article

The Role Of IT In Early Adoption

Innovation is the key to so many success stories.  From the earliest fossil record showing crude tools made of stone, to the 21st century CEO picking … Continue Reading

Blog Categories

Our Services

  • IT Infrastructure Design
  • Remote & Onsite IT Support
  • Disaster Recovery
  • IT System Monitoring
  • IT Audit
  • Documentation
  • Medical IT Solutions
  • Wireless Networks
  • Cloud Computing
  • Virtualization

Our Mission

We seek to enrich and improve small and medium businesses by delivering best-in-class technology solutions, and offering a premier customer service experience. Contact Us Now!

Quick Menu

  • About
  • Testimonials
  • Contact
  • Blog
  • Sitemap

Copyright © 2026