Re: [Openvpn-devel] [PATCH 1/7] simplify condition detecting pure P2P mode

2021-09-06 Thread tincantech via Openvpn-devel
‐‐‐ Original Message ‐‐‐ On Monday, September 6th, 2021 at 14:19, Arne Schwabe wrote: > On 04.09.21 at 11:56, Antonio Quartulli wrote: > > > The new condition is equivalent to the old one, but easier

Re: [Openvpn-devel] [PATCH 7/7] add message about changing default values

2021-09-06 Thread Arne Schwabe
On 04.09.21 at 11:56, Antonio Quartulli wrote: > With OpenVPN 2.6 there are a number of default settings that are changing > to more modern and safer values. > > Some users may not be aware of that and may experience problematic > behaviours, especially when connecting to older peers. > > Add wa

Re: [Openvpn-devel] [PATCH 6/7] set TLS 1.2 as minimum by default

2021-09-06 Thread Arne Schwabe
On 04.09.21 at 11:56, Antonio Quartulli wrote: > Do not accept handshakes with peers trying to negotiate TLS lower than 1.2. > TLS 1.1 and 1.0 are not recommended and therefore will, by default, > allow TLS 1.2 as minimum version. > > The minimum allowed version can still be controlled via > '--t

Re: [Openvpn-devel] [PATCH 5/7] compat-mode: add --data-cipher-fallback auomatically if requested

2021-09-06 Thread Arne Schwabe
On 04.09.21 at 11:56, Antonio Quartulli wrote: > For compatibility with OpenVPN older than 2.4.0, the > '--data-cipher-fallback' argument is automatically added with the same > value as specified by '--cipher'. > > This happens only when the user specifies compat-mode with a version > older than

Re: [Openvpn-devel] [PATCH 3/7] reject compression by default

2021-09-06 Thread Arne Schwabe
On 04.09.21 at 11:56, Antonio Quartulli wrote: > With this change the value of '--allow-compression- is set to 'no'. > Therefore compression is not enabled by default and cannot be enabled > by the server either. > > This change is in line with the current rend of not recommending I think rend s

Re: [Openvpn-devel] [PATCH 4/7] do not include --cipher value in data-ciphers

2021-09-06 Thread Arne Schwabe
On 04.09.21 at 11:56, Antonio Quartulli wrote: > The --cipher option has been there since a while, but it became more and > more confusing since the introduction of NCP (data cipher negotiation). > > The fallback cipher can now be specified via --data-cipher-fallback, > while the list of accepted

Re: [Openvpn-devel] [PATCH 2/7] compat-mode: allow user to specify version to be compatible with

2021-09-06 Thread Arne Schwabe
On 04.09.21 at 11:56, Antonio Quartulli wrote: > This changes introduces the basic inbfrastructure required typo > to allow the user to specify a specific OpenVPN version to be > compatible with. > > Following changes will modify defaults to more modern and sa

Re: [Openvpn-devel] [PATCH 1/7] simplify condition detecting pure P2P mode

2021-09-06 Thread Arne Schwabe
On 04.09.21 at 11:56, Antonio Quartulli wrote: > The new condition is equivalent to the old one, but easier to grasp. > > Also add message to inform uset that cipher negotiation, in this case, > it indeed disabled. > > Signed-off-by: Arne Schwabe > Signed-off-by: Antonio Quartulli > --- > src