Hi, On Wed, Sep 30, 2020 at 03:13:06PM +0200, Arne Schwabe wrote: > Although we want to get rid of none as cipher, we still have not > deprecated it. In order to use it currently you need > --ncp-disable together with --cipher none to use the none cipher. > > In our current situation allowing none to be specified in data-ciphers > is the lesser evil. > > This commit also fixes that we use '[null-cipher]' instead 'none' when > setting remote_cipher > > Patch V2: Also work correctly if remote_cipher is NULL.
I was about to ACK-and-merge it, but it fails the "ping IPv4 with 3000 bytes"
test, triggering
2020-10-04 15:10:58 us=638418 cron2-freebsd-tc-amd64/2001:608:0:814::f000:21
TCP/UDP packet too large on write to [AF_INET6]2001:608:0:814::f000:21:50629
(tried=1529,max=1526)
on the server side.
"Wat?"
(I could speculate that this was always broken for --cipher none, but
since you've made me add two new testcases for it, I want this to actually
work...)
gert
--
"If was one thing all people took for granted, was conviction that if you
feed honest figures into a computer, honest figures come out. Never doubted
it myself till I met a computer with a sense of humor."
Robert A. Heinlein, The Moon is a Harsh Mistress
Gert Doering - Munich, Germany g...@greenie.muc.de
signature.asc
Description: PGP signature
_______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
