Hi,

On Mon, Nov 07, 2016 at 11:47:42AM +1300, Jason Haar wrote:
> On Fri, Nov 4, 2016 at 8:47 PM, Gert Doering <g...@greenie.muc.de> wrote:
> 
> > The other would be to live with the warning message until you can roll
> > out 2.4, which will be able to handle per-client ciphers, AND will
> > auto-upgrade 2.4 clients to AES-256-GCM.
> 
> By that do you mean that if you upgrade the clients to 2.4 (with 2.3
> server), and don't define "cipher", they will figure it out and still work
> with the older server. 

Well, let me try to clarify:

 - if you do not specify cipher, it's exactly the same as specifying
   "cipher blowfish" (so, "not specifying anything" is not significant)

 - 2.3 client talking to 2.4 server, or 2.4 client talking to 2.3 server,
   will do exactly what you told them with "cipher", so, stick to blowfish
   (and have the annoying warning in the log)

 - 2.4 client talking to 2.4 server will send a special handshake (IV_NCP=2)
   which signals "I can do pushable cipher, and I can do AES-GCM", so the
   server will (usually) send back "cipher AES-256-GCM" and move itself
   to AES-256-GCM as well.
 
   In this case, the "cipher" statement in both client and server config
   is totally ignored(!) - the cipher chosen is the first one in the
   "--ncp-ciphers" list (which defaults to "AES-256-GCM:AES-128-GCM") 
   on the server side - this is a new option.

   If the server tries to push a cipher that is not on client's ncp-ciphers
   list, it will be ignored and the result is a cipher mismatch (=fail) - 
   so, changing --ncp-ciphers is something to be done with care.  This
   is something which will be extended in the future, but for now, we've
   decided that we are not worrying yet about AES-256-GCM being broken.

 - if you do not *want* this behaviour, you can turn it off with
   "--ncp-disable" on either client or server


> And when I finally upgrade the server to 2.4
> (without defining "cipher"), then after the restart, the 2.4 clients will
> all move off Blowfish to AES? That would be great - certainly worth waiting
> for :-)

Right, except that you do not need to "not define cipher" :-)

I've done it the other way round - upgraded my customer's server to 
2.4_alpha2, so all the mobile clients can enjoy AES right away
(iOS client is OpenVPN 3, which does this, and OpenVPN for Android 
is based on git master/2.4 source) and I can then move over client
after client...   but then, I'm in the comfortable position of having
a very direct line to development central in case something breaks :-)
(which it didn't)

JFTR, we do daily tests of "the most common scenarios" of our git master
*server* against 2.2, 2.3 and git master clients - so we're reasonably
scenarios".

gert

-- 
USENET is *not* the non-clickable part of WWW!
                                                           //www.muc.de/~gert/
Gert Doering - Munich, Germany                             g...@greenie.muc.de
fax: +49-89-35655025                        g...@net.informatik.tu-muenchen.de
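To make the four bullet points above easy to check against a planned rollout, here is a small model of the cipher selection rules as Gert describes them; this is an added illustration, not OpenVPN's own code, and it assumes "cipher blowfish" means the pre-2.4 default BF-CBC and that a 2.4 client rejects a pushed cipher that is not on its own --ncp-ciphers list.

```python
"""Model of the 2.3/2.4 cipher selection rules described in the reply above.
Added illustration, not OpenVPN code: it encodes the stated rules as a pure
function so each upgrade scenario (2.3 <-> 2.4, --ncp-disable, a changed
--ncp-ciphers list) can be checked before touching a production server."""
from dataclasses import dataclass, field
from typing import List, Optional

DEFAULT_CIPHER = "BF-CBC"                     # "cipher" unset == "cipher blowfish"
DEFAULT_NCP = ["AES-256-GCM", "AES-128-GCM"]  # 2.4 --ncp-ciphers default


@dataclass
class Peer:
    version: str                    # "2.3" or "2.4"
    cipher: Optional[str] = None    # --cipher, None means not set in the config
    ncp_ciphers: List[str] = field(default_factory=lambda: list(DEFAULT_NCP))
    ncp_disable: bool = False       # --ncp-disable

    def supports_ncp(self) -> bool:
        # Only 2.4 sends IV_NCP=2, and --ncp-disable switches that off
        return self.version == "2.4" and not self.ncp_disable

    def static_cipher(self) -> str:
        return self.cipher or DEFAULT_CIPHER


def negotiate(client: Peer, server: Peer) -> Optional[str]:
    """Return the data-channel cipher, or None on a cipher mismatch (=fail)."""
    if client.supports_ncp() and server.supports_ncp():
        # Both sides 2.4 with NCP: the "cipher" statements are ignored and the
        # server pushes the first entry of its own --ncp-ciphers list.
        pushed = server.ncp_ciphers[0]
        # Assumption: a pushed cipher not on the client's list is rejected.
        return pushed if pushed in client.ncp_ciphers else None
    # Any other pairing uses exactly what "cipher" says (blowfish by default);
    # both ends must agree or the data channel fails.
    c, s = client.static_cipher(), server.static_cipher()
    return c if c == s else None


if __name__ == "__main__":
    print(negotiate(Peer("2.3"), Peer("2.4")))                     # BF-CBC
    print(negotiate(Peer("2.4"), Peer("2.4")))                     # AES-256-GCM
    print(negotiate(Peer("2.4", ncp_disable=True), Peer("2.4")))   # BF-CBC
    print(negotiate(Peer("2.4", ncp_ciphers=["AES-128-GCM"]),
                    Peer("2.4")))                                  # None
```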


_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users