Hi, thanks for fixing the ifdef condition! Tested again and it works as expected between two clients when disabling NCP and setting CHACHA20-POLY1305 as cipher:
Mon Oct 8 17:11:36 2018 us=670345 127.0.0.1 Outgoing Data Channel: Cipher 'CHACHA20-POLY1305' initialized with 256 bit key
Mon Oct 8 17:11:36 2018 us=670351 127.0.0.1 Incoming Data Channel: Cipher 'CHACHA20-POLY1305' initialized with 256 bit key

On 08/10/18 06:30, Steffan Karger wrote:
> We explicitly only supported GCM as a valid AEAD mode, change that to also
> allow ChaCha20-Poly1305 as an AEAD cipher. That works nicely with our new
> (GCM) data channel format, because it has the same 96-bit IV.
>
> Note that we need some tricks to not treat the cipher as insecure, because
> we used to only look at the block size of a cipher to determine if we find a
> cipher insecure. But ChaCha20-Poly1305 is a stream cipher, which essentially
> has a 'block size' of 1 byte and is reported as such. So, special-case this
> cipher to be in the list of secure ciphers.
>
> Signed-off-by: Steffan Karger <stef...@karger.me>
> ---
> v2: code style fixes, remove unneeded version check

Acked-by: Antonio Quartulli <anto...@openvpn.net>

Cheers,

--
Antonio Quartulli
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel