openvpn isn't able to use BF-CBC cipher (the default, by the way) when openssl-0.9.7j is installed. It's working with openssl-0.9.7i Portage 2.1 (default-linux/x86/2006.0, gcc-4.1.1/vanilla, glibc-2.4-r3, 2.6.16-gentoo-r9 i686) ================================================================= System uname: 2.6.16-gentoo-r9 i686 Genuine Intel(R) CPU T2300 @ 1.66GHz Gentoo Base System version 1.12.1 ccache version 2.4 [enabled] dev-lang/python: 2.4.3-r1 dev-python/pycrypto: 2.0.1-r5 dev-util/ccache: 2.4-r2 dev-util/confcache: 0.4.2-r1 sys-apps/sandbox: 1.2.18.1 sys-devel/autoconf: 2.13, 2.59-r7 sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2 sys-devel/binutils: 2.16.1-r2 sys-devel/gcc-config: [Not Present] sys-devel/libtool: 1.5.22 virtual/os-headers: 2.6.11-r5 ACCEPT_KEYWORDS="x86 ~x86" AUTOCLEAN="yes" CBUILD="i686-pc-linux-gnu" CFLAGS="-O2 -march=pentium-m -msse3 -funroll-loops" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc" CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf" CXXFLAGS="-O2 -march=pentium-m -msse3 -funroll-loops" DISTDIR="/usr/portage/distfiles" FEATURES="autoconfig ccache confcache distlocks fixpackages metadata-transfer sandbox sfperms strict" GENTOO_MIRRORS="ftp://ftp-stud.fht-esslingen.de/pub/Mirrors/gentoo/ ftp://ftp.gentoo.mesh-solutions.com/gentoo/ ftp://pandemonium.tiscali.de/pub/gentoo/ " LDFLAGS="-Wl,-O1" LINGUAS="de" MAKEOPTS="-j5" PKGDIR="/usr/portage/packages" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude='/distfiles' --exclude='/local' --exclude='/packages'" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/local/overlays/gentoo-de /usr/local/portage /usr/local/xgl-coffee" SYNC="rsync://rsync.gentoo.org/gentoo-portage" USE="x86 X a52 aac aalib ac3 acpi alsa arts audiofile avi berkdb bluetooth browserplugin bzip2 cairo cdparanoia cdr cjk cli crypt cups curl dri dvd dvdr dvdread encode exif fam fbcon ffmpeg firefox flac foomaticdb fortran gif glitz gpm gtk gtk2 hal iconv icq idn ieee1394 imagemagick imap imlib isdnlog jabber java jpeg kde kdeenablefinal kqemu lcms libg++ libwww mad matroska mime mmx mmxext mng motif mp3 mpeg mplayer msn mysql ncurses nls nptl nptlonly nsplugin nvidia ogg opengl pam pcmcia pcre pda pdf perl png pppd python qt quicktime readline reflection ruby samba sdl session smp softmmu speex spl sse sse2 ssl svg tcltk tcpd theora threads tidy tiff truetype truetype-fonts type1-fonts udev unicode usb userlocales utf8 v4l v4l2 vorbis win32codecs xcomposite xine xml xml2 xorg xv xvid xvmc yahoo zlib elibc_glibc input_devices_keyboard input_devices_mouse input_devices_synaptics kernel_linux linguas_de userland_GNU video_cards_nvidia video_cards_nv" Unset: CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, PORTAGE_RSYNC_EXTRA_OPTS
Please attach output of the following strings /usr/lib/libcrypto.so.0.9.7 | grep BF
Sorry, I don't know what was wrong, but after downgrading to 0.9.7i and upgrading again to 0.9.7j (in order to get the info you requested), BF-CBC is available for openvpn again. *CONFUSED*
Interesting development... http://bugs.gentoo.org/show_bug.cgi?id=138484