Hi,

On 27-04-17 08:47, Gert Doering wrote:
> On Wed, Apr 26, 2017 at 05:58:19PM -0400, David Mehler wrote:
>> Same question for the auth SHA512 line which is in both the server and
>> client configuration files, if I add push "auth SHA512" can I remove
>> the auth SHA512 line from the client?
>
> If you use GCM, the "auth" line is only used for tls-auth - and if you
> use tls-auth (or tls-crypt), this needs to be correct before a connection
> can be established at all. So, not pushable.

One slight correction: --tls-crypt always uses HMAC-SHA-256, no matter what you specify for --auth. So if you are using NCP and --tls-crypt, both the --cipher and --auth options from the config file are no longer used.

-Steffan
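
Added example, not part of the original mail or of OpenVPN itself: a small config check that reports what the local cipher and auth lines still control, following the rules stated in this thread. The function names and the sample config are constructed for illustration; the fallback values BF-CBC and SHA1 are the OpenVPN 2.4 defaults.

```python
import shlex

# Constructed sample client config (not taken from the thread).
SAMPLE = """\
client
cipher AES-256-CBC
auth SHA512
tls-crypt ta.key
"""

def parse_config(text):
    """Map each directive to its argument list; '#' and ';' start comments."""
    opts = {}
    for raw in text.splitlines():
        if raw.lstrip().startswith(";"):
            continue
        tokens = shlex.split(raw, comments=True)
        if tokens:
            opts[tokens[0].lstrip("-")] = tokens[1:]
    return opts

def auth_cipher_roles(opts, negotiated_cipher=None):
    """negotiated_cipher: what NCP settled on, or None if NCP was not used."""
    local_cipher = opts.get("cipher", ["BF-CBC"])[0]  # OpenVPN 2.4 default
    local_auth = opts.get("auth", ["SHA1"])[0]        # OpenVPN default
    data_cipher = negotiated_cipher or local_cipher
    aead = data_cipher.upper().endswith("-GCM")
    auth_uses = []
    if "tls-crypt" in opts:
        wrap_hmac = "SHA256"      # fixed for tls-crypt; --auth is ignored
    elif "tls-auth" in opts:
        wrap_hmac = local_auth    # must match the peer before the handshake
        auth_uses.append("tls-auth HMAC")
    else:
        wrap_hmac = None
    if not aead:
        auth_uses.append("data channel HMAC")  # AEAD ciphers need no HMAC
    return {
        "data_cipher": data_cipher,
        "cipher_line_used": negotiated_cipher is None,
        "control_wrap_hmac": wrap_hmac,
        "auth_line_uses": auth_uses,
    }

if __name__ == "__main__":
    print(auth_cipher_roles(parse_config(SAMPLE), "AES-256-GCM"))
```

An empty `auth_line_uses` means the auth line in that config has no effect on the connection; a non-empty list with "tls-auth HMAC" means it has to be set correctly on the client itself.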
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users