Hi Gert,

On 25/07/16 22:04, Gert Doering wrote:
> Hi,
>
> has anyone ever used "--cipher" without an argument?  If yes, what is the
> intended usage?  It sort of "tells openvpn we want crypto!" but does not
> go into detail about it...
>
> Normally, this would just be a random weird option, but I ran across
>
>    --cipher none --cipher
>
> which first tells openvpn "nah, we do not want anything!" and sets
> a pointer to NULL, and then tells openvpn "but please *do* use the
> ciphers already set up!", which core dumps.
>
> This is not remotely exploitable, so not a *security* issue, but a bit
> stupid nonetheless - so I propose we just throw out "--cipher" with
> no arguments (--cipher none, or --cipher bf-cbc would, of course,
> continue to work).
>
> Anyone having a good argument against it?  JJK, do you happen to know
> what this is about?

this is from even before my time ;)
I didn't even know that you could specify cipher without an argument - let's disable this (and I assume the same is true for --auth?)

JJK
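
An added illustration, not part of the thread and not OpenVPN's source: a minimal C model of the state problem described above, where `--cipher none` clears the cipher pointer and a bare `--cipher` re-enables crypto, next to the proposed rejection of the argument-less form. The struct, the function names and the `bf-cbc` starting value are assumptions made for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical model of the option state; not OpenVPN's real structures. */
struct crypto_opts {
    const char *cipher;   /* NULL after "--cipher none" */
    bool use_cipher;      /* true when crypto setup should run */
};

/* Legacy behaviour as described: a bare "--cipher" (arg == NULL) only flips the flag. */
int parse_legacy(struct crypto_opts *o, const char *arg)
{
    if (arg == NULL) {
        o->use_cipher = true;          /* never checks o->cipher */
    } else if (strcmp(arg, "none") == 0) {
        o->cipher = NULL;
        o->use_cipher = false;
    } else {
        o->cipher = arg;
        o->use_cipher = true;
    }
    return 0;
}

/* Proposed behaviour: "--cipher" without an argument is a usage error. */
int parse_strict(struct crypto_opts *o, const char *arg)
{
    return arg == NULL ? -1 : parse_legacy(o, arg);
}

/* Returns -1 if rejected, 1 if crypto is enabled with a NULL cipher, 0 if sane. */
int run_sequence(int (*parse)(struct crypto_opts *, const char *),
                 const char *const *args, size_t n)
{
    struct crypto_opts o = { "bf-cbc", true };  /* constructed starting state */
    for (size_t i = 0; i < n; i++)
        if (parse(&o, args[i]) != 0)
            return -1;
    return (o.use_cipher && o.cipher == NULL) ? 1 : 0;
}

int main(void)
{
    const char *const seq[] = { "none", NULL };  /* --cipher none --cipher */
    printf("legacy=%d strict=%d\n", run_sequence(parse_legacy, seq, 2),
           run_sequence(parse_strict, seq, 2));
    return 0;
}
```

A result of 1 marks the state in which later crypto setup would dereference the NULL cipher name; the strict parser stops at the bare option instead.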

