Dear listusers,
on a flavor we have
- clients with comp-lzo in their local config and we have no access to
this clients. (can't change it)
- very old clients below 2.3 (no peer info)
- also "modern" clients of all versions 2.3.2 - 3.8.5
Our minimum Cipher is AES-256-CBC as fallback, when does AES-256-CBC is
supported by openvpn? It could reveal the minimum client version.
--allow-compression asym
can be set, but clients will still compress. Clients without, can't connect.
--compress migrate
clients > 2.3 get pushed "stub-v2" all other "comp-lzo no".
What happens to clients wich does not support it? e.g. 2.2.x
This parameter is not documented in the reference manual, it is still
supported in 2.6 and how long it may be supported?
What could be the best way to operate it with a little attack surface
(voracle) but remaining compatibility for old clients?
Thanks for all information on this topic.
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
