Hi,

On Wed, Nov 23, 2016 at 11:16:58PM +0100, Gert Doering wrote:
> ACK. We made it :-)

I *did* find a way to break it, I think - haven't tested, need to sleep - just copying what I wrote to IRC just now since everyone is asleep already...

23:30 <@cron2> syzzer: I *do* have a potential way to use this to break things
23:30 <@cron2> server with NCP enabled, --cipher foo
23:30 <@cron2> client with NCP disabled, --cipher bar
23:30 <@cron2> server will now use "cipher bar", while client will do "cipher foo"...
23:31 <@cron2> so I think we should do a "v6a amendment" which disables this on the client if --ncp-disable is set (so 2.4 to 2.4 will either do *real* NCP, or *no* NCP, but no half-assed two-way poorman)
23:31 <@cron2> this makes testing more annoying because you can't talk to a 2.4 server to test the client side :-) - but it's *meant* to be a 2.3<->2.4 migration feature

gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025 g...@net.informatik.tu-muenchen.de