Hi, On Wed, Jul 22, 2020 at 11:32:06PM +1200, Richard Hector wrote: > > cipher aes-256-gcm [..] > > > - in this mode, NCP is disabled and hence you would not get GCM > > encrpytion - thus you need to specify it explicitly. > > I wasn't familiar with either of those. It seems NCP isn't needed > because I'm configuring both sides explicitly. Is GCM something I need?
GCM is something you want, and already have ("cipher aes-256-gcm") -
"crypt-and-auth in one pass, and with AES-NI enabled CPUs, basically
'for free'".
NCP is "negotiable cipher protosomething", which is a client-server thing,
for "real" client-server (--client + --server, not p2p with --tls-client
and --tls-server). This really is for "I have hundreds of clients talking
to one server, and the server needs to be in control of all options" stuff.
gert
--
"If was one thing all people took for granted, was conviction that if you
feed honest figures into a computer, honest figures come out. Never doubted
it myself till I met a computer with a sense of humor."
Robert A. Heinlein, The Moon is a Harsh Mistress
Gert Doering - Munich, Germany [email protected]
signature.asc
Description: PGP signature
_______________________________________________ Openvpn-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openvpn-users
