Re: [Openvpn-devel] [PATCH] Remove --no-replay

2021-05-16 Thread David Sommerseth
On 16/05/2021 19:14, Arne Schwabe wrote: First of all, I do like Steffan's proposal: > Remove the option, and: > * if auth != none -> replay prevention is always enabled; > * if auth == none -> replay prevention is disabled. And with "remove the option", if it exists in a config, it should be

Re: [Openvpn-devel] [PATCH v2 10/11] Implement --client-crresponse script options and plugin interface

2021-05-16 Thread Gert Doering
Hi, On Mon, Jan 25, 2021 at 01:56:27PM +0100, Arne Schwabe wrote: > This allows scripts and plugins to parse/react to a > CR_RESPONSE message > > Patch V2: doc fixes, do not put script under ENABLE_PLUGIN This one was left out to try for too long (sorry), and is no longer applying in a fairly b

Re: [Openvpn-devel] [PATCH] Remove --no-replay

2021-05-16 Thread Arne Schwabe
> > Given 2, how clear is our timeline on sunsetting non-AEAD ciphers? That > would automatically sunset --no-replay. (I've lost track a bit...) Heated debate, as that is equal to dropping compatibility completely with OpenVPN 2.3. We already have a heated debate if dropping 2.3 config compatibility

Re: [Openvpn-devel] [PATCH] Change CTR DRBG update function call to new mbedtls 2.16.0 API

2021-05-16 Thread Steffan Karger
Hi, On 06-04-2021 12:55, Maximilian Fillinger wrote: >> On 02.04.21 at 15:26, Max Fillinger wrote: >>> From: Uipko Berghuis >>> >>> In mbedtls 2.16.0 mbedtls_ctr_drbg_update() changed to >>> mbedtls_ctr_drbg_update_ret(). Change the function name and handle the >>> new return value error code. >

Re: [Openvpn-devel] [PATCH] Remove --no-replay

2021-05-16 Thread Steffan Karger
Hi, On 07-04-2021 17:50, Antonio Quartulli wrote: > On 26/07/2020 15:31, Arne Schwabe wrote: >> On 26.07.20 at 02:01, Arne Schwabe wrote: >>> On 17.07.20 at 19:10, David Sommerseth wrote: The --no-replay feature is considered to be a security weakness, which was also highlighted during

Re: [Openvpn-devel] [PATCH applied] Re: reliable: retransmit if 3 follow-up ACKs are received

2021-05-16 Thread Steffan Karger
Hi, On 02-04-2021 20:16, Gert Doering wrote: > Your patch has been applied to the master branch. > > I have never looked into this reliable stuff before, and do not have > a test environment with a) significant amounts of control plane traffic, > and b) "just the right amount" of packet loss. So

Re: [Openvpn-devel] make --persist-key always-on and remove "off" code path

2021-05-16 Thread Steffan Karger
Hi, On 10-04-2021 01:42, Arne Schwabe wrote: > > On 09.04.2021 at 18:28, Gert Doering wrote: >> Hi, >> >> there was a big discussion on the IRC channel today about interactions >> between "--chroot" and "--persist-key" and how and when stuff is reloaded >> or not. >> >> Now, we all seem to agree