On 25.08.22 at 13:29, Gert Doering wrote:
Hi,
On Mon, Aug 22, 2022 at 11:56:47AM +0300, Lev Stipakov wrote:
From: Antonio Quartulli <a...@unstable.cc>
With this change it is possible to use ovpn-dco-win when running OpenVPN
in client or P2P mode.
Signed-off-by: Arne Schwabe <a...@rfc2549.org>
Signed-off-by: Lev Stipakov <l...@openvpn.net>
Signed-off-by: Antonio Quartulli <a...@unstable.cc>
---
Changes from v102:
* use "windows-driver ovpn-dco" without trailing "-win", since
"windows" is already implied by option name.
I have received sufficient test reports to be happy about it. The change
for v102 makes sense.
Alas, there is one change in v101 that I initiated which I'm now no
longer happy about:
@@ -3434,6 +3436,10 @@ options_postprocess_setdefault_ncpciphers(struct options
*o)
/* custom --data-ciphers set, keep list */
return;
}
+ else if (dco_enabled(o))
+ {
+ o->ncp_ciphers = dco_get_supported_ciphers();
+ }
else if (cipher_valid("CHACHA20-POLY1305"))
{
o->ncp_ciphers = "AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305";
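Review bot: the added "else if (dco_enabled(o))" branch assigns the full return value of dco_get_supported_ciphers() to o->ncp_ciphers, so with DCO enabled the default list is whatever the backend reports rather than one of the two fixed strings in the branches below it. Because the branch sits ahead of the cipher_valid("CHACHA20-POLY1305") check, that check is never reached when DCO is enabled. Consider keeping the existing default strings and removing only the entries the DCO backend cannot handle, and add a comment saying which list takes precedence and why.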
This change does the right thing for DCO-enabled *Windows* builds, but
it does bad things for DCO-enabled FreeBSD, because of
I would also NAK the patch based on this. The default is currently
AES-128-GCM:AES-256-GCM and Chacha20-Poly1305 if supported. We don't
want to expose all algorithms that a DCO implementation supports.
The other thing is AES-192-GCM that we never announced before by default
and this change would announce that by default. That is also weird
behaviour.
Currently that might sound like nit picking but there are already other
AEAD ciphers that can be easily added to DCO implementations (ARIA as
AES variant is probably trivial in Linux for example).
Arne
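
Added example, not part of this thread and not OpenVPN code: one way to honour the objection above is to filter the existing default list against what the DCO backend reports instead of replacing it, so extra backend ciphers such as AES-192-GCM are never announced by default. The helper names and the backend list in main() are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Return 1 if name[0..n) is a whole entry of the colon-separated list. */
static int list_has(const char *list, const char *name, size_t n)
{
    for (const char *p = list; *p; )
    {
        size_t len = strcspn(p, ":");
        if (len == n && strncmp(p, name, n) == 0)
            return 1;
        p += len + (p[len] == ':');   /* skip the entry and its separator */
    }
    return 0;
}

/* Hypothetical helper, not OpenVPN code: keep the entries of defaults that
 * backend also lists, in defaults' order. Returns count kept, -1 if out is too small. */
int filter_default_ciphers(const char *defaults, const char *backend,
                           char *out, size_t out_len)
{
    size_t used = 0;
    int kept = 0;
    if (out_len == 0) return -1;
    out[0] = '\0';
    for (const char *p = defaults; *p; )
    {
        size_t len = strcspn(p, ":");
        if (len > 0 && list_has(backend, p, len))
        {
            /* room for optional ':' separator, the name, and the NUL */
            if (used + len + (kept ? 1 : 0) + 1 > out_len) return -1;
            if (kept) out[used++] = ':';
            memcpy(out + used, p, len);
            used += len;
            out[used] = '\0';
            kept++;
        }
        p += len + (p[len] == ':');
    }
    return kept;
}

int main(void)
{
    char buf[64]; /* constructed backend list: has AES-192-GCM, no ChaCha20 */
    filter_default_ciphers("AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305",
                           "AES-128-GCM:AES-192-GCM:AES-256-GCM", buf, sizeof(buf));
    return puts(buf) == EOF;
}
```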