Hi,
On Wed, Jul 08, 2020 at 03:15:49PM +0200, Arne Schwabe wrote:
> +++ b/src/openvpn/ssl.c
> @@ -1986,6 +1986,12 @@ tls_session_update_crypto_params(struct
> tls_session *session,
> options->keysize = 0;
> }
> }
> +else
> +{
> + /* Very hacky workaround and
Am 08.07.20 um 12:10 schrieb Steffan Karger:
> Hi,
>
> As discusses in #openvpn-devel on IRC, this patch breaks interop with
> clients that don't pull, but that will be restored in a follow-up
> refactoring (before 2.5 rc1). I can live with that, but I think this
> should be mentioned in the commi
Am 08.07.20 um 13:15 schrieb Gert Doering:
> Hi,
>
> On Tue, Jul 07, 2020 at 02:16:14PM +0200, Arne Schwabe wrote:
>> Ever since the NCPv2 the ncp_get_best_cipher uses the global
>> options->ncp_enabled option and ignore the tls_session->ncp_enabled
>> option.
>
> For the record, this breaks "poo
Hi,
On Tue, Jul 07, 2020 at 02:16:14PM +0200, Arne Schwabe wrote:
> Ever since the NCPv2 the ncp_get_best_cipher uses the global
> options->ncp_enabled option and ignore the tls_session->ncp_enabled
> option.
For the record, this breaks "poor man's NCP" for big packets - tested
with 2.3 client an
Hi,
As discusses in #openvpn-devel on IRC, this patch breaks interop with
clients that don't pull, but that will be restored in a follow-up
refactoring (before 2.5 rc1). I can live with that, but I think this
should be mentioned in the commit message.
On 07-07-2020 14:16, Arne Schwabe wrote:
> Ev
Ever since the NCPv2 the ncp_get_best_cipher uses the global
options->ncp_enabled option and ignore the tls_session->ncp_enabled
option.
The server side's poor man's NCP is implemented as seeing the list
of supported ciphers from the peer as just one cipher so this special
handling for poor man's
