Hi all, Some people have expressed interest in ovpn-dco supporting AES-CBC.
However, since ovpn-dco is currently using the AEAD kernel crypto API only, introducing support for CBC mode would require quite some refactoring and we do not really want to do that (the community believes that as of now AEAD ciphers should always be preferred moving forward). In a previous discussion on this mailing list, it was highlighted that AES-CCM is nothing else than AES-CBC in disguise as AEAD cipher. (for the curious: it is AES "Counter with CBC-MAC", known as CCM and described in RFC3610). For this reason I decided to give AES-CCM a try and I implemented in it the "aes-ccm" branch of the ovpn-dco repo. I am not sure if we're going to merge it to master yet, but for now it would be interesting to gather feedback from those interested in this cipher. Please note that OpenVPN3 does not yet support this cipher, therefore the only way to test AES-CCM in ovpn-dco is to use the ovpn-cli tool provided in the tests/ folder. To do so, just specify "aes-ccm" as algorithm when setting a new key. Cheers, -- Antonio Quartulli _______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
