Attention is currently required from: Bluca, selvanair. plaisthos has posted comments on this change by Bluca. ( http://gerrit.openvpn.net/c/openvpn/+/1622?usp=email )
Change subject: Add new helpers to handle key exchange (S_SENT_KEY/S_START) with large passwords ...................................................................... Patch Set 1: (2 comments) Patchset: PS1: > Sorry, I don't really follow. […] The TLS layer uses TLS records for framing and OpenVPN currently relies on TLS records for its own framing. Not many protocols do this and this also causes problem, ie when you enable record splitting. And your patch basically decides to break this assumption but only for the key2 related methods, which is in my opinion quite hacky. And that why I am saying that we need a proper patch/negotiation to overcome this limit instead. But I get the feeling that you are not really interested in any solution that would actually improve on the OpenVPN protocol to implement longer username/password if it is not compatible with the approach that Microsoft has decided to take. PS1: > Sure, but that's 2 years old and included in LTS distros, eg. Ubuntu 24. […] You might not care about compatibility, interoperability and behaviour of modern clients with older servers and vice versa but we care and we have take that into account. And "that's 2 years old" is way shorter than we care about. We still maintain compatibility with OpenVPN 2.2 server and clients and people are still using a lot of OpenVPN 2.4/OpenVPN 2.5. And that your patch allows triggering very erratic behaviour with these older version is not a good thing. -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1622?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings?usp=email Gerrit-MessageType: comment Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I055c64ca8b23066e70eea7d7deddfb14f5354c5f Gerrit-Change-Number: 1622 Gerrit-PatchSet: 1 Gerrit-Owner: Bluca <[email protected]> Gerrit-Reviewer: plaisthos <[email protected]> Gerrit-Reviewer: selvanair <[email protected]> Gerrit-CC: openvpn-devel <[email protected]> Gerrit-Attention: Bluca <[email protected]> Gerrit-Attention: selvanair <[email protected]> Gerrit-Comment-Date: Tue, 07 Apr 2026 11:54:13 +0000 Gerrit-HasComments: Yes Gerrit-Has-Labels: No Comment-In-Reply-To: plaisthos <[email protected]> Comment-In-Reply-To: Bluca <[email protected]>
_______________________________________________ Openvpn-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openvpn-devel
