> -----Original Message-----
> From: 'Victor Wagner' [mailto:vi...@wagner.pp.ru]
...
> As far as I can see, openvpn can be thoroughly tested in automated
> fashion. I have some test farm with half a hundred various OSes (Linux,
> Windows, Solaris, FreeBSD on several architectures), and planning to
> do some openvpn testing for this platform anyway.
>
> If people would suggest me which things to test, I'll try to implement
> it in the automated test environment.
>
> > I'm curious as to why you want this support specifically, since these
> > modes aren't really faster than CBC. Are you concerned about the
> > padding?
>
> I've stated it clearly. There is no CBC in the Russian National Standard
> for symmetric ciphers. CFB is standardized, CNT is standardized, CBC is
> not. So, if I want my VPNs to be considered secure by government
> certification authorities, I have to use CFB or CNT.

Gotcha; sorry for asking a redundant question. I'm not familiar with the automated test system, but possibly if you ran that then the devs would accept the results and enable those ciphers.

Barring admission of the enablement into the official code base, would it be a bad idea for you to build your version with the support of the stream versions and use that? Provided that your tests ran fine?

-dave