-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 18/01/17 18:19, debbie10t wrote: > Hi, > > I have following config: > > > ** Server Win10 (as per default generally) v2.4.0 with --auth > *RSA-SHA512* --ncp-disable > > Log file shows: > > Wed Jan 18 17:04:34 2017 us=914797 Outgoing Control Channel > Authentication: Using 512 bit message hash '*SHA512*' for HMAC > authentication Wed Jan 18 17:04:34 2017 us=914797 Incoming Control > Channel Authentication: Using 512 bit message hash '*SHA512*' for > HMAC authentication > > > ** Client Linux (as per default generally) v2.4.0 with --auth > *RSA-SHA512* > > Log file shows: > > Wed Jan 18 17:05:00 2017 us=778089 Outgoing Control Channel > Authentication: Using 512 bit message hash '*SHA512*' for HMAC > authentication Wed Jan 18 17:05:00 2017 us=778182 Incoming Control > Channel Authentication: Using 512 bit message hash '*SHA512*' for > HMAC authentication > > The connection works but .. > > Because there is another digest called SHA512 why does the log > *not* reflect the config correctly ? eg: hash '*RSA-SHA512*' > > (This had me very confused for sometime today)
I am on thin ice here, as I've not dug much into the naming schemes of the various algorithms. But ... I am fairly confident the hashing reference in the log refers purely to the hashing algorithm, which most commonly is MD* or SHA* variants (there are a few exceptions). And as I understand the code, the RSA-* stuff is just ignored, as that is not used by by HMAC functions in our code. So using --auth SHA512 would provide the same result. - -- kind regards, David Sommerseth OpenVPN Technologies, Inc -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iQIcBAEBAgAGBQJYf79HAAoJEIbPlEyWcf3yGm4P/RxyydWvK/kWuMFxOS7aGjx8 HhTB1eDep41eQTNyN6PJFExq3Be4B4Meo30tPqEbDuUGhZuvPYQb/04UET8vYgku 1XxqXA8OoTlk6cKU+hrj/ISClAAR3yd1ma2cfAMj5+ltS4mGzz8pPyKXxvIM7d++ gYiQyNb7Nu/oYN+TWDM0JZdIHWC9pUByugUoHmqhnBI79pQGjMfbtvdGFDFV70n4 jtXXJ6WIGunrW65zLRKGxuVd4K7cc9Aic259CcsVvIiarryEEtQt1ZbJBOm2O05v J5C+vynO1Ixcvq6wbVdmsnBrsjtK9BylVHB7oll3GX4axOn1S9AjC6DWDztsGbhL zzzKioIhv2dmB2OgufUXr6jMxWgWkvtcw4FspyzrUh1LbqaSd2iUiSnieB5fd7C4 z78zKznNGBQaqvRtH38aMRBH6vNrYZVM2bE05C7G5Vn0/xsPzrNt52FMMuKfgDMf eftK1JwbMjicLmbONmVDb2mEZewW/l0d8YkaFc74k1OXU5Kr+YP+jRSyHmHfLh6m eT+qgX/aUuUhWD98v1AiG1C6SqK9f1AaZuFh6BzpMVHmXUXaGAnrO5fgj1aJmnnI WLbqwSYY4ejAkubr0f2+dmcic2JTIhAwKF8wObGSrfE9kLgO5GM4TRMiUHwJplDD cdepFIgOVDQQhxA17EqD =bXK1 -----END PGP SIGNATURE----- ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot _______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
