Hi, On Thu, Oct 02, 2014 at 11:39:29AM -0400, Joe Patterson wrote: > First off, just to make sure I'm reading things correctly, tls-cipher is an > ordered list of acceptable tls control channel ciphers, while cipher is a > single acceptable data channel cipher, correct?
Yes.
> I was considering the possibility of changing my cipher, and was trying to
> figure out the logistics of it, and it seems like I'm probably stuck with
> "change everything all at once across all clients and servers", which is
> kind of painful.
Yes, this is how it is today.
We've started talking about pushable cipher settings, and potentially
full client-server cipher negotiations inside the TLS handshake, but
this did not result in any code yet.
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025 g...@net.informatik.tu-muenchen.de
pgpULTRMYOlYN.pgp
Description: PGP signature
------------------------------------------------------------------------------ Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg.clktrk
_______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
