OPNsense Forum

English Forums => Virtual private networks => Topic started by: Linfern on March 18, 2023, 05:53:00 am

Title: New ciphers in OpenSense
Post by: Linfern on March 18, 2023, 05:53:00 am
Hello!
The question is: how can I add support for Russian GOST encryption algorithms to OpenSense?
What steps need to be taken for this?
Maybe someone has ready-made images for this.
Title: Re: New ciphers in OpenSense
Post by: meyergru on March 18, 2023, 12:10:37 pm
I bet this would be hard and I doubt anyone has done this:

1. Current OpnSense versions have dropped support for LibreSSL and rely on OpenSSL 1.1.1.
2. OpenSSL has dropped GOST support since 1.1.0 (https://techglimpse.com/solved-openssl-library-has-no-gost-support/ (https://techglimpse.com/solved-openssl-library-has-no-gost-support/)) - and for a good reason.

Before you bother to look into this, have a look at the cryptanalysis section here: https://en.wikipedia.org/wiki/GOST_(block_cipher)#Cryptanalysis_of_GOST (https://en.wikipedia.org/wiki/GOST_(block_cipher)#Cryptanalysis_of_GOST) - essentially, GOST is a weak cipher.