]> git.ipfire.org Git - thirdparty/openvpn.git/commit - src/openvpn/ssl_common.h
projects / thirdparty / openvpn.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: aa6affe) | patch
Only announce IV_NCP=2 when we are willing to support these ciphers
authorArne Schwabe <arne@rfc2549.org>
Mon, 17 Feb 2020 14:43:35 +0000 (15:43 +0100)
committerGert Doering <gert@greenie.muc.de>
Mon, 17 Feb 2020 18:21:24 +0000 (19:21 +0100)
commit868b200c3aef6ee5acfdf679770832018ebc7b70
treeaa1f96476c8e3f17a1dd51234f32d4e8b1ea329ftree | snapshot
parentaa6affe6df811db11577847366a569def0a3e314commit | diff
Only announce IV_NCP=2 when we are willing to support these ciphers

We currently always announce IV_NCP=2 when we support these ciphers even
when we do not accept them. This lead to a server pushing a AES-GCM-128
cipher to clients and the client then rejecting it.

Patch V2:  Remove unecessary restoring of ncp_ciphers
Patch V3:  Do not add ncp_ciphers in context

Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Lev Stipakov <lstipakov@gmail.com>
Message-Id: <20200217144339.3273-2-arne@rfc2549.org>
URL: https://www.mail-archive.com/search?l=mid&q=20200217144339.3273-2-arne@rfc2549.org
Signed-off-by: Gert Doering <gert@greenie.muc.de>
doc/openvpn.8 diff | blob | blame | history
src/openvpn/init.c diff | blob | blame | history
src/openvpn/ssl.c diff | blob | blame | history
src/openvpn/ssl_common.h diff | blob | blame | history
Mirror of https://github.com/OpenVPN/openvpn.git