I have been working with OpenVPN, OpenSSL and OpenSSH for the past couple of weeks on my Raspberry Pi running Debian “Wheezy” which has been fun and frustrating at the same time.
Due to the version of OpenVPN included with “Wheezy” and OpenVPN that I was running on my client, I was having a heck of a time getting the TLS Cipher to match up between Server and Client in configuration.
I found a software patch written by someone on the OpenVPN Dev team and within it, it had a nice table showing the OpenSSL Cipher Suite Name and corresponding IANA Cipher Suite Name. Since I wasted hours trying to figure this out, I hope it will help someone else out and save them time.
| TLS OpenSSL Cipher Suite Name | TLS IANA (IETF) Cipher Suite Name |
| ADH-SEED-SHA | TLS-DH-anon-WITH-SEED-CBC-SHA |
| AES128-GCM-SHA256 | TLS-RSA-WITH-AES-128-GCM-SHA256 |
| AES128-SHA256 | TLS-RSA-WITH-AES-128-CBC-SHA256 |
| AES128-SHA | TLS-RSA-WITH-AES-128-CBC-SHA |
| AES256-GCM-SHA384 | TLS-RSA-WITH-AES-256-GCM-SHA384 |
| AES256-SHA256 | TLS-RSA-WITH-AES-256-CBC-SHA256 |
| AES256-SHA | TLS-RSA-WITH-AES-256-CBC-SHA |
| CAMELLIA128-SHA256 | TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256 |
| CAMELLIA128-SHA | TLS-RSA-WITH-CAMELLIA-128-CBC-SHA |
| CAMELLIA256-SHA256 | TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256 |
| CAMELLIA256-SHA | TLS-RSA-WITH-CAMELLIA-256-CBC-SHA |
| DES-CBC3-SHA | TLS-RSA-WITH-3DES-EDE-CBC-SHA |
| DES-CBC-SHA | TLS-RSA-WITH-DES-CBC-SHA |
| DH-DSS-SEED-SHA | TLS-DH-DSS-WITH-SEED-CBC-SHA |
| DHE-DSS-AES128-GCM-SHA256 | TLS-DHE-DSS-WITH-AES-128-GCM-SHA256 |
| DHE-DSS-AES128-SHA256 | TLS-DHE-DSS-WITH-AES-128-CBC-SHA256 |
| DHE-DSS-AES128-SHA | TLS-DHE-DSS-WITH-AES-128-CBC-SHA |
| DHE-DSS-AES256-GCM-SHA384 | TLS-DHE-DSS-WITH-AES-256-GCM-SHA384 |
| DHE-DSS-AES256-SHA256 | TLS-DHE-DSS-WITH-AES-256-CBC-SHA256 |
| DHE-DSS-AES256-SHA | TLS-DHE-DSS-WITH-AES-256-CBC-SHA |
| DHE-DSS-CAMELLIA128-SHA256 | TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256 |
| DHE-DSS-CAMELLIA128-SHA | TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA |
| DHE-DSS-CAMELLIA256-SHA256 | TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256 |
| DHE-DSS-CAMELLIA256-SHA | TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA |
| DHE-DSS-DES-CBC3-SHA | TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA |
| DHE-DSS-DES-CBC-SHA | TLS-DHE-DSS-WITH-DES-CBC-SHA |
| DHE-DSS-SEED-SHA | TLS-DHE-DSS-WITH-SEED-CBC-SHA |
| DHE-RSA-AES128-GCM-SHA256 | TLS-DHE-RSA-WITH-AES-128-GCM-SHA256 |
| DHE-RSA-AES128-SHA256 | TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 |
| DHE-RSA-AES128-SHA | TLS-DHE-RSA-WITH-AES-128-CBC-SHA |
| DHE-RSA-AES256-GCM-SHA384 | TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 |
| DHE-RSA-AES256-SHA256 | TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 |
| DHE-RSA-AES256-SHA | TLS-DHE-RSA-WITH-AES-256-CBC-SHA |
| DHE-RSA-CAMELLIA128-SHA256 | TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 |
| DHE-RSA-CAMELLIA128-SHA | TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA |
| DHE-RSA-CAMELLIA256-SHA256 | TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256 |
| DHE-RSA-CAMELLIA256-SHA | TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA |
| DHE-RSA-DES-CBC3-SHA | TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA |
| DHE-RSA-DES-CBC-SHA | TLS-DHE-RSA-WITH-DES-CBC-SHA |
| DHE-RSA-SEED-SHA | TLS-DHE-RSA-WITH-SEED-CBC-SHA |
| DH-RSA-SEED-SHA | TLS-DH-RSA-WITH-SEED-CBC-SHA |
| ECDH-ECDSA-AES128-GCM-SHA256 | TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256 |
| ECDH-ECDSA-AES128-SHA256 | TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256 |
| ECDH-ECDSA-AES128-SHA | TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA |
| ECDH-ECDSA-AES256-GCM-SHA384 | TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384 |
| ECDH-ECDSA-AES256-SHA256 | TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA256 |
| ECDH-ECDSA-AES256-SHA384 | TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384 |
| ECDH-ECDSA-AES256-SHA | TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA |
| ECDH-ECDSA-CAMELLIA128-SHA256 | TLS-ECDH-ECDSA-WITH-CAMELLIA-128-CBC-SHA256 |
| ECDH-ECDSA-CAMELLIA128-SHA | TLS-ECDH-ECDSA-WITH-CAMELLIA-128-CBC-SHA |
| ECDH-ECDSA-CAMELLIA256-SHA256 | TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA256 |
| ECDH-ECDSA-CAMELLIA256-SHA | TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA |
| ECDH-ECDSA-DES-CBC3-SHA | TLS-ECDH-ECDSA-WITH-3DES-EDE-CBC-SHA |
| ECDH-ECDSA-DES-CBC-SHA | TLS-ECDH-ECDSA-WITH-DES-CBC-SHA |
| ECDH-ECDSA-RC4-SHA | TLS-ECDH-ECDSA-WITH-RC4-128-SHA |
| ECDHE-ECDSA-AES128-GCM-SHA256 | TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 |
| ECDHE-ECDSA-AES128-SHA256 | TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 |
| ECDHE-ECDSA-AES128-SHA384 | TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA384 |
| ECDHE-ECDSA-AES128-SHA | TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA |
| ECDHE-ECDSA-AES256-GCM-SHA384 | TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 |
| ECDHE-ECDSA-AES256-SHA256 | TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA256 |
| ECDHE-ECDSA-AES256-SHA384 | TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 |
| ECDHE-ECDSA-AES256-SHA | TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA |
| ECDHE-ECDSA-CAMELLIA128-SHA256 | TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256 |
| ECDHE-ECDSA-CAMELLIA128-SHA | TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA |
| ECDHE-ECDSA-CAMELLIA256-SHA256 | TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA256 |
| ECDHE-ECDSA-CAMELLIA256-SHA | TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA |
| ECDHE-ECDSA-DES-CBC3-SHA | TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA |
| ECDHE-ECDSA-DES-CBC-SHA | TLS-ECDHE-ECDSA-WITH-DES-CBC-SHA |
| ECDHE-ECDSA-RC4-SHA | TLS-ECDHE-ECDSA-WITH-RC4-128-SHA |
| ECDHE-RSA-AES128-GCM-SHA256 | TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 |
| ECDHE-RSA-AES128-SHA256 | TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256 |
| ECDHE-RSA-AES128-SHA384 | TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA384 |
| ECDHE-RSA-AES128-SHA | TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA |
| ECDHE-RSA-AES256-GCM-SHA384 | TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 |
| ECDHE-RSA-AES256-SHA256 | TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA256 |
| ECDHE-RSA-AES256-SHA384 | TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384 |
| ECDHE-RSA-AES256-SHA | TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA |
| ECDHE-RSA-CAMELLIA128-SHA256 | TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 |
| ECDHE-RSA-CAMELLIA128-SHA | TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA |
| ECDHE-RSA-CAMELLIA256-SHA256 | TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA256 |
| ECDHE-RSA-CAMELLIA256-SHA | TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA |
| ECDHE-RSA-DES-CBC3-SHA | TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA |
| ECDHE-RSA-DES-CBC-SHA | TLS-ECDHE-RSA-WITH-DES-CBC-SHA |
| ECDHE-RSA-RC4-SHA | TLS-ECDHE-RSA-WITH-RC4-128-SHA |
| ECDH-RSA-AES128-GCM-SHA256 | TLS-ECDH-RSA-WITH-AES-128-GCM-SHA256 |
| ECDH-RSA-AES128-SHA256 | TLS-ECDH-RSA-WITH-AES-128-CBC-SHA256 |
| ECDH-RSA-AES128-SHA384 | TLS-ECDH-RSA-WITH-AES-128-CBC-SHA384 |
| ECDH-RSA-AES128-SHA | TLS-ECDH-RSA-WITH-AES-128-CBC-SHA |
| ECDH-RSA-AES256-GCM-SHA384 | TLS-ECDH-RSA-WITH-AES-256-GCM-SHA384 |
| ECDH-RSA-AES256-SHA256 | TLS-ECDH-RSA-WITH-AES-256-CBC-SHA256 |
| ECDH-RSA-AES256-SHA384 | TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384 |
| ECDH-RSA-AES256-SHA | TLS-ECDH-RSA-WITH-AES-256-CBC-SHA |
| ECDH-RSA-CAMELLIA128-SHA256 | TLS-ECDH-RSA-WITH-CAMELLIA-128-CBC-SHA256 |
| ECDH-RSA-CAMELLIA128-SHA | TLS-ECDH-RSA-WITH-CAMELLIA-128-CBC-SHA |
| ECDH-RSA-CAMELLIA256-SHA256 | TLS-ECDH-RSA-WITH-CAMELLIA-256-CBC-SHA256 |
| ECDH-RSA-CAMELLIA256-SHA | TLS-ECDH-RSA-WITH-CAMELLIA-256-CBC-SHA |
| ECDH-RSA-DES-CBC3-SHA | TLS-ECDH-RSA-WITH-3DES-EDE-CBC-SHA |
| ECDH-RSA-DES-CBC-SHA | TLS-ECDH-RSA-WITH-DES-CBC-SHA |
| ECDH-RSA-RC4-SHA | TLS-ECDH-RSA-WITH-RC4-128-SHA |
| EDH-DSS-DES-CBC3-SHA | TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA |
| EDH-DSS-DES-CBC-SHA | TLS-DHE-DSS-WITH-DES-CBC-SHA |
| EDH-RSA-DES-CBC3-SHA | TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA |
| EDH-RSA-DES-CBC-SHA | TLS-DHE-RSA-WITH-DES-CBC-SHA |
| EXP-DES-CBC-SHA | TLS-RSA-EXPORT-WITH-DES40-CBC-SHA |
| EXP-EDH-DSS-DES-CBC-SHA | TLS-DH-DSS-EXPORT-WITH-DES40-CBC-SHA |
| EXP-EDH-RSA-DES-CBC-SHA | TLS-DH-RSA-EXPORT-WITH-DES40-CBC-SHA |
| EXP-RC2-CBC-MD5 | TLS-RSA-EXPORT-WITH-RC2-CBC-40-MD5 |
| EXP-RC4-MD5 | TLS-RSA-EXPORT-WITH-RC4-40-MD5 |
| NULL-MD5 | TLS-RSA-WITH-NULL-MD5 |
| NULL-SHA256 | TLS-RSA-WITH-NULL-SHA256 |
| NULL-SHA | TLS-RSA-WITH-NULL-SHA |
| PSK-3DES-EDE-CBC-SHA | TLS-PSK-WITH-3DES-EDE-CBC-SHA |
| PSK-AES128-CBC-SHA | TLS-PSK-WITH-AES-128-CBC-SHA |
| PSK-AES256-CBC-SHA | TLS-PSK-WITH-AES-256-CBC-SHA |
| PSK-RC4-SHA | TLS-PSK-WITH-RC4-128-SHA |
| RC4-MD5 | TLS-RSA-WITH-RC4-128-MD5 |
| RC4-SHA | TLS-RSA-WITH-RC4-128-SHA |
| SEED-SHA | TLS-RSA-WITH-SEED-CBC-SHA |
| SRP-DSS-3DES-EDE-CBC-SHA | TLS-SRP-SHA-DSS-WITH-3DES-EDE-CBC-SHA |
| SRP-DSS-AES-128-CBC-SHA | TLS-SRP-SHA-DSS-WITH-AES-128-CBC-SHA |
| SRP-DSS-AES-256-CBC-SHA | TLS-SRP-SHA-DSS-WITH-AES-256-CBC-SHA |
| SRP-RSA-3DES-EDE-CBC-SHA | TLS-SRP-SHA-RSA-WITH-3DES-EDE-CBC-SHA |
| SRP-RSA-AES-128-CBC-SHA | TLS-SRP-SHA-RSA-WITH-AES-128-CBC-SHA |
| SRP-RSA-AES-256-CBC-SHA | TLS-SRP-SHA-RSA-WITH-AES-256-CBC-SHA |