Hi, On Thu, Oct 29, 2020 at 03:21:54PM +0100, Ralf Hildebrandt wrote: > tl;dr: client and server negotiate a GCM (Galois/Counter Mode) cipher > (AES-GCM), and those ciphers includes a HMAC, thus the specified AUTH > isn't really being used.
True, but this "config mismatch warning" stuff should actually
be checked before GCM is negotiated, so there *should* not be a
mismatch if both sides have it in their config.
We should not log annoying warnings unless there is something
actionable for the users ("stop using BF-CBC"), so this is something
we should look into fixing.
gert
--
"If was one thing all people took for granted, was conviction that if you
feed honest figures into a computer, honest figures come out. Never doubted
it myself till I met a computer with a sense of humor."
Robert A. Heinlein, The Moon is a Harsh Mistress
Gert Doering - Munich, Germany g...@greenie.muc.de
signature.asc
Description: PGP signature
_______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
