git.ipfire.org Git - thirdparty/openvpn.git/commit

author	Arne Schwabe <arne@rfc2549.org>
	Wed, 18 Aug 2021 21:33:54 +0000 (23:33 +0200)
committer	Gert Doering <gert@greenie.muc.de>
	Tue, 7 Sep 2021 15:29:11 +0000 (17:29 +0200)
commit	a38a377fd524d0e14a23ed17487ea3e3d3ad3fe7
tree	04db9eea4ea708b177207e9866cdc5c0813656e9	tree
parent	5a5d11a0dea51e709b44dfabc1ec97b5f3c5b222	commit \| diff

Include Chacha20-Poly1305 into default --data-ciphers when available

Most TLS 1.3 libraries inlcude the Chacha20-Poly1305 based cipher suite
beside the AES-GCM based ones int he list of default ciphers suites.
Chacha20-Poly1305 is accepted as good alternative AEAD algorithm to the
AES-GCM algorithm by crypto community.

Follow this and include Chacha20-Poly1305 by default in data-ciphers
when available. This makes picking Chacha20-Poly1305 easier as it only
requires to change server (by changing priority) or client side (removing
AES-GCM from data-ciphers) to change to Chacha20-Poly1305.

Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Antonio Quartulli <antonio@openvpn.net>
Message-Id: <20210818213354.687736-2-arne@rfc2549.org>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg22745.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>

Changes.rst		diff \| blob \| blame \| history
doc/man-sections/cipher-negotiation.rst		diff \| blob \| blame \| history
doc/man-sections/protocol-options.rst		diff \| blob \| blame \| history
src/openvpn/options.c		diff \| blob \| blame \| history