Hi, On Wed, Mar 18, 2020 at 01:31:41PM +0100, Ralf Hildebrandt wrote: > What are the current "state of the art" settings for cipher & auth? > My current gateway is using: > > cipher AES-256-CBC > auth SHA256
AES-256-GCM is what you want, because it's less overhead than -CBC+SHA
(AEAD, crypt-and-hash in one go)
And, if all your systems are 2.4+ and you do not change --ncp-disable or
--ncp-ciphers, is what you get automatically anyway. :-)
gert
--
"If was one thing all people took for granted, was conviction that if you
feed honest figures into a computer, honest figures come out. Never doubted
it myself till I met a computer with a sense of humor."
Robert A. Heinlein, The Moon is a Harsh Mistress
Gert Doering - Munich, Germany [email protected]
signature.asc
Description: PGP signature
_______________________________________________ Openvpn-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openvpn-users
