git.ipfire.org Git - thirdparty/openvpn.git/commit

author	Arne Schwabe <arne@rfc2549.org>
	Sun, 30 Aug 2020 14:07:36 +0000 (16:07 +0200)
committer	Gert Doering <gert@greenie.muc.de>
	Tue, 24 Nov 2020 19:28:59 +0000 (20:28 +0100)
commit	f8c3e0aef2f6e03a0a5eafd81644c4079796649d
tree	13cb7d242b293e38039455084e4c25ef730b1b99	tree \| snapshot
parent	7e3cd06d514476658709506c5e8e0703008efc5f	commit \| diff

Also announce IV_CIPHERS as client in OpenVPN 2.4

This improves compatbility to a OpenVPN 2.5 server and
allows to negotiate a different cipher than AES-128/256-GCM
without abusing the poor man's NCP support with --cipher.

We keep the IV_NCP=2 flag logic as broken as it is since 2.5 server
ignore the flag if IV_CIPHERS is set and this might break existing
2.4 setups.

Server support for IV_CIPHERS is not added since it would be quite
intrusive and users should rather upgrade to 2.5 on the server
if they want the full benefits.

This commit cherry picks a few parts of
868b200c3aef6ee5acfdf679770832018ebc7b70

Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20200830140736.16571-3-arne@rfc2549.org>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg20844.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>

src/openvpn/init.c		diff \| blob \| blame \| history
src/openvpn/ssl.c		diff \| blob \| blame \| history
src/openvpn/ssl_common.h		diff \| blob \| blame \| history