Hi Gert,

thank you for your comments. My intention was not to add a second cipher
line in the sample config file. I added "cipher AES-256-CBC" to an
earlier version of OpenVPN when there was no cipher specified in the
loopback-client and loopback-server files. After rebasing my commit onto
master I didn't notice the double cipher lines in the config files. I
will remove this in my next patch as wolfSSL does support GCM mode but
not yet in the compatibility layer.

I will add GCM support to our compatibility layer and send an updated
signed-off patch with a better commit message explaining what is
happening in the patch.

Thanks
Juliusz

On 08/02/2020 09:45, Gert Doering wrote:
Hi Juliusz,
please send patches out of a git tree, coming from a git commit with
"git commit -s", and having a somewhat relevant commit message.
Besides this, please do not
--- a/sample/sample-config-files/loopback-client
+++ b/sample/sample-config-files/loopback-client
@@ -25,3 +25,4 @@ tls-auth sample-keys/ta.key 1
cipher AES-256-GCM
ping 1
inactive 120 10000000
+cipher AES-256-CBC
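Review bot: the added `cipher AES-256-CBC` on the last line of this hunk leaves loopback-client with two `cipher` directives, because the unchanged context three lines above already sets `cipher AES-256-GCM`. A reader of the sample file cannot tell which of the two is intended, and the addition reads as a move from GCM to CBC with no comment explaining why. Drop the added line and keep the existing GCM directive; if a particular crypto backend cannot use GCM, state that in documentation rather than in the shared sample config.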
... modify the sample config files (and *if* you do, do not just add
a second cipher line, which will confuse users quite a bit).
If WolfSSL does not support GCM, this needs to be documented, but our
sample config files contain the recommended cipher for the existing
crypto systems, and this is (and will continue to be for the time)
GCM - faster, and lower overhead.
gert