Leaderboard

Logs. Here's an example. 2022-09-29 21:56:00 Data Channel: using negotiated cipher 'AES-256-GCM' 2022-09-29 21:56:00 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key 2022-09-29 21:56:00 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key Here, the traffic is encrypted using AES-256-GCM. This is negotiated, negotiation is default behavior, but one can explicitly set certain ciphers. They are found on the Specs page. If in doubt, OpenVPN always negotiates AES-256-GCM unless you're running a very old OpenVPN version, then it's CBC.

Actually an interesting question. I've never seen a list of available instruction sets in Apple's Bionic chips. All I know is, they're ARM with a big/little CPU design (that is, part high-clocking CPUs for performance, part low-clocking CPUs for economy) and the newer devices have an ARMv8 CPU. I'd assume with the latter that AES is part of it, so the choice of AES makes sense. You could put this to the test yourself, I think. Connect with both OpenVPN and Wireguard, download something being connected to the same server and keep an eye on CPU usage. That's the idea, can't really help you further than that. I'd correct this to "AES is for devices with AES-supporting CPUs", which is PCs from ~2010 and embedded devices from ~2020. For instance, my phone is aarch64 supporting the AES set, too, so I prefer an AES cipher over ChaCha20. Since I very rarely use a VPN on my phone, I don't have extensive insight on which is better (and for what). But I tend to agree that ChaCha20 is better suited on older models, both security and performance-wise.

Both OpenVPN and Wireguard don't reinvent the wheel here, they do use the ciphers coded somewhere else, which is exactly why OpenSSL is a dependency. So no, it's not limited to OpenVPN or Wireguard.