Hi Gert, Because there is HW crypto engine in some embedded devices, the crypto engine maybe only supports hmac-sha256-cbc-aes.
Tony Gert Doering <g...@greenie.muc.de> 于2020年11月26日周四 下午4:56写道: > Hi, > > On Thu, Nov 26, 2020 at 04:53:14PM +0800, Tony He wrote: > > Understood. We have dicussed this in the OpenWRT forum. Maybe some kind > > OpenWRT guys will implement aead hmac-sha256-cbc-aes > > for ovpn-dco module in the future. > > Why? If you do AES in the first place, all numbers I have seen so far > say "AES-GCM modes are faster / use less CPU = battery". And, less > overhead on the wire. > > And on non-intel devices, CHACHA-POLY, because there is ARM acceleration. > > gert > > -- > "If was one thing all people took for granted, was conviction that if you > feed honest figures into a computer, honest figures come out. Never > doubted > it myself till I met a computer with a sense of humor." > Robert A. Heinlein, The Moon is a Harsh > Mistress > > Gert Doering - Munich, Germany > g...@greenie.muc.de >
_______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
