Hi

> On Mon, Aug 29, 2016 at 08:45:52PM +0200, Jan Just Keijser wrote:
>> uhoh: https://sweet32.info/
>>
>> shall we change the default cipher in the master tree to AES-256 (if not
>> done so already) ?
>
>
[…]
> OTOH, what we could do is: indeed *change* the default, and add a big fat
> warning ("you have not specified a --cipher directive. The default has
> been changed from 2.3 to 2.4, so please ensure your config matches the
> other end" or something like that)

This seems like a good idea, maybe like so?

- A “default will change” warning on “2.3” when no cipher is selected
- When used, a “You are using 64 bit block ciphers and this is a bad idea” message on 2.3 and 2.4
- AES-256-GCM as new default for 2.4

jens

>
> gert

_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
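
The two warning conditions proposed in the message above (no cipher selected, and a 64-bit block cipher in use), sketched as a config lint. This is an added example, not part of the original message and not OpenVPN's own code. The function names, the prefix list, the rule that the last `cipher` line wins, and the sample configs are assumptions made for illustration.

```python
# Added example: lint an OpenVPN config for the warning conditions proposed in the thread.
# Assumption: OpenSSL-style name prefixes of ciphers with a 64-bit block size.
SMALL_BLOCK_PREFIXES = ("BF-", "DES-", "DESX-", "CAST5-", "RC2-", "IDEA-")


def configured_cipher(config_text):
    """Return the value of the last `cipher` directive (upper-cased), or None."""
    cipher = None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment line
            continue
        parts = line.split()
        # Config files accept the option with or without the leading "--".
        if parts[0].lstrip("-") == "cipher" and len(parts) >= 2:
            cipher = parts[1].upper()        # assumption: a later directive overrides
    return cipher


def audit(config_text):
    """Return a list of warning strings; an empty list means nothing to report."""
    cipher = configured_cipher(config_text)
    if cipher is None:
        return ["no cipher directive: relies on the built-in default, which is "
                "proposed to change; set the same cipher on both ends"]
    if cipher.startswith(SMALL_BLOCK_PREFIXES):
        return [f"{cipher} is a 64-bit block cipher (see https://sweet32.info/)"]
    return []


# Constructed sample configs, not taken from any real deployment.
SAMPLES = {
    "implicit-default": "dev tun\nproto udp\nremote vpn.example.net 1194\n",
    "blowfish": "dev tun\n# legacy peer\ncipher BF-CBC\n",
    "commented-out": "dev tun\n;cipher AES-256-CBC\n",
    "aes-gcm": "dev tun\ncipher AES-256-GCM\n",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        for warning in audit(text) or ["ok"]:
            print(f"{name}: {warning}")
```
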