Crypto features of OpenSSL and PolarSSL
As stated in the previous recipe, it has been possible to build OpenVPN using either the OpenSSL cryptographic library or the PolarSSL library since version 2.3. In this recipe, we will show some of the key differences between the two cryptographic libraries.
Getting ready
Set up the server certificate using the first recipe from Chapter 2, Client-server IP-only Networks. Use the client certificate and the intermediary CA certificate from the previous recipe. For this recipe, the computer was running Fedora 22 Linux and OpenVPN 2.3.10, built both for OpenSSL and for PolarSSL.
How to do it...
Start the regular version of OpenVPN with the --show-ciphers option:
[root@server]# openvpn --show-ciphers
OpenVPN will now list all available ciphers, which can easily exceed 50 ciphers for OpenSSL 1.0+. The most common ciphers are:
BF-CBC 128 bit default key (variable)
BF-CFB 128 bit default key (variable) (TLS client/server...)
...
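With more than 50 entries per build, comparing two cipher listings by eye is error-prone. The following is an added example, not code from the original recipe: it extracts the cipher names from two saved --show-ciphers listings and reports the names found in only one of them. The function names and both sample listings are constructed for illustration; only the BF-CBC and BF-CFB lines are taken from the recipe.

```shell
#!/bin/sh
# Added example (not from the recipe): diff the cipher names of two builds.
# Capture each build's list first, e.g. `openvpn --show-ciphers > build-a.txt`.

# Print sorted, unique cipher names from --show-ciphers style text on stdin.
# Only lines shaped "<NAME> <N> bit default key ..." count; banners are skipped.
cipher_names() {
    awk '$2 ~ /^[0-9]+$/ && $3 == "bit" && $4 == "default" && $5 == "key" { print $1 }' |
        LC_ALL=C sort -u
}

# cipher_diff FILE_A FILE_B: report names that appear in only one listing.
cipher_diff() (
    a=$(mktemp) && b=$(mktemp) || exit 1
    cipher_names < "$1" > "$a"
    cipher_names < "$2" > "$b"
    LC_ALL=C comm -23 "$a" "$b" | sed 's/^/A-only /'
    LC_ALL=C comm -13 "$a" "$b" | sed 's/^/B-only /'
    rm -f "$a" "$b"
)

# Constructed sample listings for two hypothetical builds, A and B.
sample_build_a() {
    cat <<'EOF'
Constructed banner line that the parser must ignore
BF-CBC 128 bit default key (variable)
BF-CFB 128 bit default key (variable) (TLS client/server...)
AES-256-CBC 256 bit default key (fixed)
EOF
}

sample_build_b() {
    cat <<'EOF'
AES-256-CBC 256 bit default key (fixed)
BF-CBC 128 bit default key (variable)
CAMELLIA-256-CBC 256 bit default key (fixed)
EOF
}

# Run the comparison on the two constructed samples.
demo() (
    a=$(mktemp) && b=$(mktemp) || exit 1
    sample_build_a > "$a"
    sample_build_b > "$b"
    cipher_diff "$a" "$b"
    rm -f "$a" "$b"
)

demo
```

A cipher named in a configuration shared by both builds should not appear in either the A-only or the B-only output.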