Hi, On 18/08/2021 23:33, Arne Schwabe wrote: > Most TLS 1.3 libraries inlcude the Chacha20-Poly1305 based cipher suite > beside the AES-GCM based ones int he list of default ciphers suites. > Chacha20-Poly1305 is accepted as good alternative AEAD algorithm to the > AES-GCM algorithm by crypto community. > > Follow this and include Chacha20-Poly1305 by default in data-ciphers > when available. This makes picking Chacha20-Poly1305 easier as it only > requires to change server (by changing priority) or client side (removing > AES-GCM from data-ciphers) to change to Chacha20-Poly1305. > > Signed-off-by: Arne Schwabe <[email protected]>
Not sure why this is 2/2 as it seems unrelated to 1/2. Indeed I applied and reviewed this patch alone. It does what it says and imho it is pretty clean. Tested with a client that connects against a server having default ciphers. The client, if willing, can specify chacha20poly1305 only and connect with it. This is a sensible change which IMHO will make a lot of people happy. Acked-by: Antonio Quartulli <[email protected]> -- Antonio Quartulli _______________________________________________ Openvpn-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openvpn-devel
