On 07/06/16 15:37, Samuli Seppänen wrote: > >> Hi, >> >> I have been trying to find a way to verify the Control Channel: TLSxxxx, >> cipher. >> >> The reason is because I was a bit dismayed to find this in my server >> log: >> " Deprecated TLS cipher name 'DHE-RSA-AES256-GCM-SHA384', >> please use IANA name 'TLS-DHE-RSA-WITH-AES-256-GCM-SHA384' " >> >> Obviously, specifying via --tls-cipher in the server config is the >> normal method, >> but if you have a list of ciphers or have not specified then many >> possible ciphers >> could be used. I do understand that openvpn will choose the best >> available cipher >> between peers and that in this case it was my mistake which was the >> cause. >> >> It seems to me it could be possible to write this value to the >> environment in >> order to query with a script. The only alternative I can currently >> think of >> is to grep "Control Channel: TLS" the server log .. but at verb 4 and >> having >> been running for many hours this option does not strike me as feasible. >> >> Is there any reason why this is not a reasonable idea ? >> Possible wish-list item .. >> >> Many thanks > > So you want to know which TLS cipher is being used, in cases where it > has not been specified explicitly? Did I understand you correctly? > Yes .. that is exactly right.
------------------------------------------------------------------------------ What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic patterns at an interface-level. Reveals which users, apps, and protocols are consuming the most bandwidth. Provides multi-vendor support for NetFlow, J-Flow, sFlow and other flows. Make informed decisions using capacity planning reports. https://ad.doubleclick.net/ddm/clk/305295220;132659582;e _______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
