I have been working with OpenVPN, OpenSSL and OpenSSH for the past couple of weeks on my Raspberry Pi running Debian “Wheezy” which has been fun and frustrating at the same time.
Due to the version of OpenVPN included with “Wheezy” and OpenVPN that I was running on my client, I was having a heck of a time getting the TLS Cipher to match up between Server and Client in configuration.
I found a software patch written by someone on the OpenVPN Dev team and within it, it had a nice table showing the OpenSSL Cipher Suite Name and corresponding IANA Cipher Suite Name. Since I wasted hours trying to figure this out, I hope it will help someone else out and save them time.
TLS OpenSSL Cipher Suite Name | TLS IANA (IETF) Cipher Suite Name |
ADH-SEED-SHA | TLS-DH-anon-WITH-SEED-CBC-SHA |
AES128-GCM-SHA256 | TLS-RSA-WITH-AES-128-GCM-SHA256 |
AES128-SHA256 | TLS-RSA-WITH-AES-128-CBC-SHA256 |
AES128-SHA | TLS-RSA-WITH-AES-128-CBC-SHA |
AES256-GCM-SHA384 | TLS-RSA-WITH-AES-256-GCM-SHA384 |
AES256-SHA256 | TLS-RSA-WITH-AES-256-CBC-SHA256 |
AES256-SHA | TLS-RSA-WITH-AES-256-CBC-SHA |
CAMELLIA128-SHA256 | TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256 |
CAMELLIA128-SHA | TLS-RSA-WITH-CAMELLIA-128-CBC-SHA |
CAMELLIA256-SHA256 | TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256 |
CAMELLIA256-SHA | TLS-RSA-WITH-CAMELLIA-256-CBC-SHA |
DES-CBC3-SHA | TLS-RSA-WITH-3DES-EDE-CBC-SHA |
DES-CBC-SHA | TLS-RSA-WITH-DES-CBC-SHA |
DH-DSS-SEED-SHA | TLS-DH-DSS-WITH-SEED-CBC-SHA |
DHE-DSS-AES128-GCM-SHA256 | TLS-DHE-DSS-WITH-AES-128-GCM-SHA256 |
DHE-DSS-AES128-SHA256 | TLS-DHE-DSS-WITH-AES-128-CBC-SHA256 |
DHE-DSS-AES128-SHA | TLS-DHE-DSS-WITH-AES-128-CBC-SHA |
DHE-DSS-AES256-GCM-SHA384 | TLS-DHE-DSS-WITH-AES-256-GCM-SHA384 |
DHE-DSS-AES256-SHA256 | TLS-DHE-DSS-WITH-AES-256-CBC-SHA256 |
DHE-DSS-AES256-SHA | TLS-DHE-DSS-WITH-AES-256-CBC-SHA |
DHE-DSS-CAMELLIA128-SHA256 | TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256 |
DHE-DSS-CAMELLIA128-SHA | TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA |
DHE-DSS-CAMELLIA256-SHA256 | TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256 |
DHE-DSS-CAMELLIA256-SHA | TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA |
DHE-DSS-DES-CBC3-SHA | TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA |
DHE-DSS-DES-CBC-SHA | TLS-DHE-DSS-WITH-DES-CBC-SHA |
DHE-DSS-SEED-SHA | TLS-DHE-DSS-WITH-SEED-CBC-SHA |
DHE-RSA-AES128-GCM-SHA256 | TLS-DHE-RSA-WITH-AES-128-GCM-SHA256 |
DHE-RSA-AES128-SHA256 | TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 |
DHE-RSA-AES128-SHA | TLS-DHE-RSA-WITH-AES-128-CBC-SHA |
DHE-RSA-AES256-GCM-SHA384 | TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 |
DHE-RSA-AES256-SHA256 | TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 |
DHE-RSA-AES256-SHA | TLS-DHE-RSA-WITH-AES-256-CBC-SHA |
DHE-RSA-CAMELLIA128-SHA256 | TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 |
DHE-RSA-CAMELLIA128-SHA | TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA |
DHE-RSA-CAMELLIA256-SHA256 | TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256 |
DHE-RSA-CAMELLIA256-SHA | TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA |
DHE-RSA-DES-CBC3-SHA | TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA |
DHE-RSA-DES-CBC-SHA | TLS-DHE-RSA-WITH-DES-CBC-SHA |
DHE-RSA-SEED-SHA | TLS-DHE-RSA-WITH-SEED-CBC-SHA |
DH-RSA-SEED-SHA | TLS-DH-RSA-WITH-SEED-CBC-SHA |
ECDH-ECDSA-AES128-GCM-SHA256 | TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256 |
ECDH-ECDSA-AES128-SHA256 | TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256 |
ECDH-ECDSA-AES128-SHA | TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA |
ECDH-ECDSA-AES256-GCM-SHA384 | TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384 |
ECDH-ECDSA-AES256-SHA256 | TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA256 |
ECDH-ECDSA-AES256-SHA384 | TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384 |
ECDH-ECDSA-AES256-SHA | TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA |
ECDH-ECDSA-CAMELLIA128-SHA256 | TLS-ECDH-ECDSA-WITH-CAMELLIA-128-CBC-SHA256 |
ECDH-ECDSA-CAMELLIA128-SHA | TLS-ECDH-ECDSA-WITH-CAMELLIA-128-CBC-SHA |
ECDH-ECDSA-CAMELLIA256-SHA256 | TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA256 |
ECDH-ECDSA-CAMELLIA256-SHA | TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA |
ECDH-ECDSA-DES-CBC3-SHA | TLS-ECDH-ECDSA-WITH-3DES-EDE-CBC-SHA |
ECDH-ECDSA-DES-CBC-SHA | TLS-ECDH-ECDSA-WITH-DES-CBC-SHA |
ECDH-ECDSA-RC4-SHA | TLS-ECDH-ECDSA-WITH-RC4-128-SHA |
ECDHE-ECDSA-AES128-GCM-SHA256 | TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 |
ECDHE-ECDSA-AES128-SHA256 | TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 |
ECDHE-ECDSA-AES128-SHA384 | TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA384 |
ECDHE-ECDSA-AES128-SHA | TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA |
ECDHE-ECDSA-AES256-GCM-SHA384 | TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 |
ECDHE-ECDSA-AES256-SHA256 | TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA256 |
ECDHE-ECDSA-AES256-SHA384 | TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 |
ECDHE-ECDSA-AES256-SHA | TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA |
ECDHE-ECDSA-CAMELLIA128-SHA256 | TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256 |
ECDHE-ECDSA-CAMELLIA128-SHA | TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA |
ECDHE-ECDSA-CAMELLIA256-SHA256 | TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA256 |
ECDHE-ECDSA-CAMELLIA256-SHA | TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA |
ECDHE-ECDSA-DES-CBC3-SHA | TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA |
ECDHE-ECDSA-DES-CBC-SHA | TLS-ECDHE-ECDSA-WITH-DES-CBC-SHA |
ECDHE-ECDSA-RC4-SHA | TLS-ECDHE-ECDSA-WITH-RC4-128-SHA |
ECDHE-RSA-AES128-GCM-SHA256 | TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 |
ECDHE-RSA-AES128-SHA256 | TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256 |
ECDHE-RSA-AES128-SHA384 | TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA384 |
ECDHE-RSA-AES128-SHA | TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA |
ECDHE-RSA-AES256-GCM-SHA384 | TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 |
ECDHE-RSA-AES256-SHA256 | TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA256 |
ECDHE-RSA-AES256-SHA384 | TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384 |
ECDHE-RSA-AES256-SHA | TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA |
ECDHE-RSA-CAMELLIA128-SHA256 | TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 |
ECDHE-RSA-CAMELLIA128-SHA | TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA |
ECDHE-RSA-CAMELLIA256-SHA256 | TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA256 |
ECDHE-RSA-CAMELLIA256-SHA | TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA |
ECDHE-RSA-DES-CBC3-SHA | TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA |
ECDHE-RSA-DES-CBC-SHA | TLS-ECDHE-RSA-WITH-DES-CBC-SHA |
ECDHE-RSA-RC4-SHA | TLS-ECDHE-RSA-WITH-RC4-128-SHA |
ECDH-RSA-AES128-GCM-SHA256 | TLS-ECDH-RSA-WITH-AES-128-GCM-SHA256 |
ECDH-RSA-AES128-SHA256 | TLS-ECDH-RSA-WITH-AES-128-CBC-SHA256 |
ECDH-RSA-AES128-SHA384 | TLS-ECDH-RSA-WITH-AES-128-CBC-SHA384 |
ECDH-RSA-AES128-SHA | TLS-ECDH-RSA-WITH-AES-128-CBC-SHA |
ECDH-RSA-AES256-GCM-SHA384 | TLS-ECDH-RSA-WITH-AES-256-GCM-SHA384 |
ECDH-RSA-AES256-SHA256 | TLS-ECDH-RSA-WITH-AES-256-CBC-SHA256 |
ECDH-RSA-AES256-SHA384 | TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384 |
ECDH-RSA-AES256-SHA | TLS-ECDH-RSA-WITH-AES-256-CBC-SHA |
ECDH-RSA-CAMELLIA128-SHA256 | TLS-ECDH-RSA-WITH-CAMELLIA-128-CBC-SHA256 |
ECDH-RSA-CAMELLIA128-SHA | TLS-ECDH-RSA-WITH-CAMELLIA-128-CBC-SHA |
ECDH-RSA-CAMELLIA256-SHA256 | TLS-ECDH-RSA-WITH-CAMELLIA-256-CBC-SHA256 |
ECDH-RSA-CAMELLIA256-SHA | TLS-ECDH-RSA-WITH-CAMELLIA-256-CBC-SHA |
ECDH-RSA-DES-CBC3-SHA | TLS-ECDH-RSA-WITH-3DES-EDE-CBC-SHA |
ECDH-RSA-DES-CBC-SHA | TLS-ECDH-RSA-WITH-DES-CBC-SHA |
ECDH-RSA-RC4-SHA | TLS-ECDH-RSA-WITH-RC4-128-SHA |
EDH-DSS-DES-CBC3-SHA | TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA |
EDH-DSS-DES-CBC-SHA | TLS-DHE-DSS-WITH-DES-CBC-SHA |
EDH-RSA-DES-CBC3-SHA | TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA |
EDH-RSA-DES-CBC-SHA | TLS-DHE-RSA-WITH-DES-CBC-SHA |
EXP-DES-CBC-SHA | TLS-RSA-EXPORT-WITH-DES40-CBC-SHA |
EXP-EDH-DSS-DES-CBC-SHA | TLS-DH-DSS-EXPORT-WITH-DES40-CBC-SHA |
EXP-EDH-RSA-DES-CBC-SHA | TLS-DH-RSA-EXPORT-WITH-DES40-CBC-SHA |
EXP-RC2-CBC-MD5 | TLS-RSA-EXPORT-WITH-RC2-CBC-40-MD5 |
EXP-RC4-MD5 | TLS-RSA-EXPORT-WITH-RC4-40-MD5 |
NULL-MD5 | TLS-RSA-WITH-NULL-MD5 |
NULL-SHA256 | TLS-RSA-WITH-NULL-SHA256 |
NULL-SHA | TLS-RSA-WITH-NULL-SHA |
PSK-3DES-EDE-CBC-SHA | TLS-PSK-WITH-3DES-EDE-CBC-SHA |
PSK-AES128-CBC-SHA | TLS-PSK-WITH-AES-128-CBC-SHA |
PSK-AES256-CBC-SHA | TLS-PSK-WITH-AES-256-CBC-SHA |
PSK-RC4-SHA | TLS-PSK-WITH-RC4-128-SHA |
RC4-MD5 | TLS-RSA-WITH-RC4-128-MD5 |
RC4-SHA | TLS-RSA-WITH-RC4-128-SHA |
SEED-SHA | TLS-RSA-WITH-SEED-CBC-SHA |
SRP-DSS-3DES-EDE-CBC-SHA | TLS-SRP-SHA-DSS-WITH-3DES-EDE-CBC-SHA |
SRP-DSS-AES-128-CBC-SHA | TLS-SRP-SHA-DSS-WITH-AES-128-CBC-SHA |
SRP-DSS-AES-256-CBC-SHA | TLS-SRP-SHA-DSS-WITH-AES-256-CBC-SHA |
SRP-RSA-3DES-EDE-CBC-SHA | TLS-SRP-SHA-RSA-WITH-3DES-EDE-CBC-SHA |
SRP-RSA-AES-128-CBC-SHA | TLS-SRP-SHA-RSA-WITH-AES-128-CBC-SHA |
SRP-RSA-AES-256-CBC-SHA | TLS-SRP-SHA-RSA-WITH-AES-256-CBC-SHA |