Hi, On Wed, Sep 30, 2020 at 03:13:06PM +0200, Arne Schwabe wrote: > Although we want to get rid of none as cipher, we still have not > deprecated it. In order to use it currently you need > --ncp-disable together with --cipher none to use the none cipher. > > In our current situation allowing none to be specified in data-ciphers > is the lesser evil. > > This commit also fixes that we use '[null-cipher]' instead 'none' when > setting remote_cipher > > Patch V2: Also work correctly if remote_cipher is NULL.
I was about to ACK-and-merge it, but it fails the "ping IPv4 with 3000 bytes" test, triggering 2020-10-04 15:10:58 us=638418 cron2-freebsd-tc-amd64/2001:608:0:814::f000:21 TCP/UDP packet too large on write to [AF_INET6]2001:608:0:814::f000:21:50629 (tried=1529,max=1526) on the server side. "Wat?" (I could speculate that this was always broken for --cipher none, but since you've made me add two new testcases for it, I want this to actually work...) gert -- "If was one thing all people took for granted, was conviction that if you feed honest figures into a computer, honest figures come out. Never doubted it myself till I met a computer with a sense of humor." Robert A. Heinlein, The Moon is a Harsh Mistress Gert Doering - Munich, Germany g...@greenie.muc.de
signature.asc
Description: PGP signature
_______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel