Hi,

On Mon, Aug 29, 2016 at 08:45:52PM +0200, Jan Just Keijser wrote:
> uhoh: https://sweet32.info/
>
> shall we change the default cipher in the master tree to AES-256 (if not
> done so already) ?

If a master client talks to a master server, they will negotiate AES-256
automatically, so it's not strictly needed to change the default.

I would advise against changing the default, though - it would break
people's config if talking to older servers and not having an explicit
"cipher blowfish" in their config.

OTOH, what we could do is: indeed *change* the default, and add a big fat
warning ("you have not specified a --cipher directive. The default has
been changed from 2.3 to 2.4, so please ensure your config matches the
other end" or something like that)

gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany [email protected]
fax: +49-89-35655025 [email protected]
------------------------------------------------------------------------------
_______________________________________________
Openvpn-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
