Am 25.10.14 22:35, schrieb Steffan Karger:
> Since key_state_ssl_init() returns void, it *must* succeed. By changing the
> 'if(a) { success } else ignore' into 'ASSERT(a); success', we make sure we
> don't fail (which we in practice don't do, because otherwise we would have
> had complaining users
Am 25.10.14 22:35, schrieb Steffan Karger:
> Overzealous users using the --tls-cipher option, or users with actual
> incompatible crypto libaries often waste quite some time debugging the
> "no shared cipher" error from openssl. See e.g. trac ticket #359:
> https://community.openvpn.net/openvpn/tic
Attached a v2 of this patch. The only difference is that it adds a
missing #include .
On 25-10-14 22:35, Steffan Karger wrote:
> Signed-off-by: Steffan Karger
> ---
> src/openvpn/crypto_polarssl.c | 26 ++
> src/openvpn/crypto_polarssl.h | 40 +
On 27-10-14 21:15, Arne Schwabe wrote:
> Am 25.10.14 22:35, schrieb Steffan Karger:
>> Overzealous users using the --tls-cipher option, or users with actual
>> incompatible crypto libaries often waste quite some time debugging the
>> "no shared cipher" error from openssl. See e.g. trac ticket #35
Hi,
Since I had to miss the most recent IRC meeting, I'll just put this on
the mailinglist.
OpenVPN has used TLSv1.0 exclusively for a long time. A few months ago,
TLS version negotiation was added for OpenSSL builds (PolarSSL builds
already had version negotiation), but that triggered quite some
