Deprecate non TLS mode in OpenVPN

The non-TLS mode is a relict from OpenVPN 1.x or 2.0. When TLS mode was
introduced the advantages of TLS over non-TLS were small but TLS mode
evolved to include a lot more features (NCP, multipeer, AEAD ciphers to
name a few).

Today VPN setups that use --secret are mainly used because this mode is
easier to setup and does not require setting up a PKI.  This shortcoming
of TLS mode should be addressed now with the peer-fingerprint option.

The primary reason to deprecate --secret is that it is not secure enough
anymore for modern environments.  This mode uses a fixed pre-shared key and
no session keys.  Thus, no forward secrecy is possible, which means that
any captured VPN traffic can be decrypted later should the --secret key
get into the wrong hands.  The cryptography overall used here was okay
when --secret was introduced but is not acceptable by today's standard
anymore.

Finally, modern hardware-accelerated crypto modes like AES-GCM can only
be used in TLS mode (due to IV requirements).

Patch V2: Improve commit message

Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20210328090530.10653-1-arne@rfc2549.org>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg21868.html

Signed-off-by: Gert Doering <gert@greenie.muc.de>

diff --git a/Changes.rst b/Changes.rst
index c8abbb2ce3538ba4c917d3198dada5666f872cdc..457dfc07eb6e696cda02998534ad60460cd017c8 100644 (file)
--- a/Changes.rst
+++ b/Changes.rst
@@ -41,6 +41,12 @@ Deprecated features
     This option has very limited usefulness and should be replaced by either
     a better ``--ca`` configuration or with a ``--tls-verify`` script.
 
+``secret`` has been deprecated
+    static key mode (non-TLS) is no longer considered "good and secure enough"
+    for today's requirements.  Use TLS mode instead.  If deploying a PKI CA
+    is considered "too complicated", using ``--peer-fingerprint`` makes
+    TLS mode about as easy as using ``--secret``.
+
 Overview of changes in 2.5
 ==========================
 

diff --git a/doc/man-sections/protocol-options.rst b/doc/man-sections/protocol-options.rst
index 01789e584c24827aa17b91cd6275b0dd1cfd20e6..4b6928c68fb380198ea456e76c98bba5998e7ec2 100644 (file)
--- a/doc/man-sections/protocol-options.rst
+++ b/doc/man-sections/protocol-options.rst
@@ -235,7 +235,7 @@ configured in a compatible way between both the local and remote side.
   disables cipher negotiation.
 
 --secret args
-  Enable Static Key encryption mode (non-TLS). Use pre-shared secret
+  **DEPRECATED** Enable Static Key encryption mode (non-TLS). Use pre-shared secret
   ``file`` which was generated with ``--genkey``.
 
   Valid syntaxes:

diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index 4588b4d93408ca7793ce89969daa698ef773bf36..0aa891d98f0d6378b334829fb0ce9ed7705c47b8 100644 (file)
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -514,7 +514,7 @@ static const char usage_message[] =
     "\n"
     "Data Channel Encryption Options (must be compatible between peers):\n"
     "(These options are meaningful for both Static Key & TLS-mode)\n"
-    "--secret f [d]  : Enable Static Key encryption mode (non-TLS).\n"
+    "--secret f [d]  : (DEPRECATED) Enable Static Key encryption mode (non-TLS).\n"
     "                  Use shared secret file f, generate with --genkey.\n"
     "                  The optional d parameter controls key directionality.\n"
     "                  If d is specified, use separate keys for each\n"
@@ -2564,6 +2564,15 @@ options_postprocess_verify_ce(const struct options *options,
         msg(M_USAGE, "specify only one of --tls-server, --tls-client, or --secret");
     }
 
+    if (!options->tls_server || !options->tls_client)
+    {
+        msg(M_INFO, "DEPRECATION: No tls-client or tls-server option in "
+                    "configuration detected. OpenVPN 2.7 will remove the "
+                    "functionality to run a VPN without TLS. "
+                    "See the examples section in the manual page for "
+                    "examples of a similar quick setup with peer-fingerprint.");
+    }
+
     if (options->ssl_flags & (SSLF_CLIENT_CERT_NOT_REQUIRED|SSLF_CLIENT_CERT_OPTIONAL))
     {
         msg(M_WARN, "WARNING: POTENTIALLY DANGEROUS OPTION "
@@ -7903,6 +7912,7 @@ add_option(struct options *options,
     }
     else if (streq(p[0], "secret") && p[1] && !p[3])
     {
+        msg(M_WARN, "DEPRECATED OPTION: The option --secret is deprecated.");
         VERIFY_PERMISSION(OPT_P_GENERAL|OPT_P_INLINE);
         options->shared_secret_file = p[1];
         options->shared_secret_file_inline = is_inline;