Hi, On Mon, Jun 19, 2023 at 02:26:01PM +0200, Giulio wrote: > I found this difference in the service script and I was wondering > whether I should use it "as is" or maybe rebuild the RPM w/o that patch > in order to let openvpn use its default crypto settings.
I think this should go. It's likely a leftover from the dawn of times
(like, 2.4 era).
2.6 will not advertise or use BF-CBC by itself, defaulting to the
AES-GCM + CHACHA (if available) ciphers, negotiating between client
and server what is available.
As in: with 2.5 and 2.6, --cipher and --data-ciphers usually should not
be touched, except if needed to be compatible with pre-2.4 clients that
default to BF-CBC and can not negotiate something else.
gert
--
"If was one thing all people took for granted, was conviction that if you
feed honest figures into a computer, honest figures come out. Never doubted
it myself till I met a computer with a sense of humor."
Robert A. Heinlein, The Moon is a Harsh Mistress
Gert Doering - Munich, Germany [email protected]
signature.asc
Description: PGP signature
_______________________________________________ Openvpn-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openvpn-users
