24.06.2020 14:12, Arne Schwabe wrote:
There are OpenVPN 2.3 clients in 3G routers which are built without
the ability to inform the server about the cipher, so the server uses
the default cipher for them,

in case you need to change the default cipher on the server you can't do
this, because clients will not work; it is also impossible to change the
default cipher on all clients at once,

so this is where the ability to set the default cipher on ccd helps. All
of this is explained in the ticket.

Thanks to the patch author we were able to change the default cipher
without downtime.

btw, we still run such routers but can't do the same procedure, because
the patch is not compatible with 2.4.9, if for some reason the current
cipher becomes insecure like Blowfish.

Allowing to be able to specify ncp-fallback-cipher from my proposal per
ccd if no NCP could be performed would also fix your use case, right?


Yes, sure!

Thank you!


