> There are openvpn 2.3 clients in 3g routers which are built without > ability to inform server about cipher, so server uses default cipher for > them, > > in case you need to change default cipher on server you can't do this , > because clients will not work, it is also impossible to change default > cipher on all clients at once, > > so this is where ability to set default cipher on ccd helps. All these > are explained in ticket. > > Thanks to patch author we were able to change default cipher without > downtime. > > btw, we still run such routers but can't do the same procedure because > patch is not compatible with 2.4.9 if for some reason current cipher > will became nonsecure as blowfish. >
Allowing to be able to specify ncp-fallback-cipher from my proposal per ccd if no NCP could be performed would also fix your use case, right? Arne
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
