Hi,
On 05/11/2021 16:07, Arne Schwabe wrote:
> When we try to make a configuration compatible with a version earlier
> than 2.4.0 we probably need to have a --cipher configured since NCP
> is not available. In configurations where --cipher is not specified
> we default to BF-CBC to support these old clients.
>
> Note that with OpenSSL 3.0 you will also need to enable the legacy
> provider, otherwise we bail out since BF-CBC is no longer supported.
>
> Also move the condition so BF-CBC gets included in the data-ciphers
> list.
>
> Patch v2: move the comment to a better place.
>
> Signed-off-by: Arne Schwabe <a...@rfc2549.org>

Reviewed-by: Antonio Quartulli <a...@unstable.cc>
Unfortunately I cannot fully ACK this patch because I'd need to compile
2.3 to run a test, but this turned out to be a mission impossible (due to
OpenSSL compatibility issues).
The change makes sense and it should do what we expect.
If anybody wants to test against an openvpn2.3 peer, they are most welcome.
Cheers,
--
Antonio Quartulli