Hi,

On Mon, Aug 29, 2016 at 08:45:52PM +0200, Jan Just Keijser wrote:
> uhoh: https://sweet32.info/
>
> shall we change the default cipher in the master tree to AES-256 (if not
> done so already) ?

If a master client talks to a master server, they will negotiate AES-256 automatically, so it's not strictly needed to change the default.

I would advise against changing the default, though - it would break people's config if talking to older servers and not having an explicit "cipher blowfish" in their config.

OTOH, what we could do is: indeed *change* the default, and add a big fat warning ("you have not specified a --cipher directive. The default has been changed from 2.3 to 2.4, so please ensure your config matches the other end" or something like that)

gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany
g...@greenie.muc.de
fax: +49-89-35655025
g...@net.informatik.tu-muenchen.de
------------------------------------------------------------------------------
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
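The situation the message describes (a config with no explicit cipher directive, whose behaviour then depends on the version default) can be checked offline across existing config files. The following is an added example, not part of the original message and not OpenVPN code; the list of 64-bit block cipher name prefixes, the "last directive wins" rule and the sample configs are assumptions made for illustration.

```python
# Assumption: these OpenSSL-style name prefixes denote 64-bit block ciphers,
# the class SWEET32 applies to. Illustrative, not exhaustive.
SMALL_BLOCK_PREFIXES = ("BF", "DES", "DESX", "CAST5", "RC2", "IDEA")


def find_cipher(config_text):
    """Return the last 'cipher' value in an OpenVPN config, or None if absent."""
    cipher = None
    inline_tag = None  # name of the <tag> ... </tag> inline block we are inside
    for raw in config_text.splitlines():
        line = raw.strip()
        if inline_tag:
            # Skip embedded key/cert material until the closing tag.
            if line == "</%s>" % inline_tag:
                inline_tag = None
            continue
        if line.startswith("<") and line.endswith(">") and not line.startswith("</"):
            inline_tag = line[1:-1]
            continue
        # Drop comments; both '#' and ';' are treated as comment markers.
        for marker in "#;":
            line = line.split(marker, 1)[0]
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "cipher":
            cipher = fields[1]  # assumption: a later directive overrides an earlier one
    return cipher


def audit(config_text):
    """Classify a config as 'implicit-default', 'small-block' or 'ok'."""
    cipher = find_cipher(config_text)
    if cipher is None:
        return ("implicit-default",
                "no cipher directive; behaviour depends on the version default")
    if cipher.upper().split("-")[0] in SMALL_BLOCK_PREFIXES:
        return ("small-block", cipher)
    return ("ok", cipher)


# Constructed sample configs (not taken from the thread).
SAMPLES = {
    "legacy": "client\nremote vpn.example.net 1194\n;cipher AES-256-CBC\n",
    "pinned_bf": "client\ncipher BF-CBC  # matches old server\n",
    "aes": "client\n<ca>\ncipher not-a-directive\n</ca>\ncipher AES-256-CBC\n",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, audit(text))
```

Configs reported as `implicit-default` are the ones that would change behaviour when the default changes, so they are the ones to pin explicitly before upgrading either end.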