From: ummeegge <ummeegge@ipfire.org>
To: development@lists.ipfire.org
Subject: Re: OpenVPN-2.5.0 update procedure and idea collector
Date: Mon, 23 Nov 2020 10:14:46 +0100 [thread overview]
Message-ID: <33ec9b952816a6fcb11111f289e95731f84600b7.camel@ipfire.org> (raw)
In-Reply-To: <9727cf30a318c21bef541b1441ad02164d6f6e98.camel@ipfire.org>
[-- Attachment #1: Type: text/plain, Size: 1028 bytes --]
Some additions and WUI restructure ideas after some more testings.
'--cipher' is no longer needed if '--data-cipher-fallback' is in usage,
there is also no need for '--data-ciphers' for the first if '--data-
cipher-fallback' is active. The client can still uses the '--cipher
alg' directive and the 2.5.0 server responds with '--data-ciphers-
fallback alg' .
The idea: Remove the cipher section from the global area from the WUI,
rename simply '--cipher' to '--data-ciphers-fallback' in server.conf
and keep the index, include the 'DCIPHER' (also 'DAUTH' and 'TLSAUTH')
variable(s) to the advanced encryption section with the related indexes
to keep the old configuration but set also new defaults for new
configurations.
If '--data-ciphers' is active, all old clients have the chance with
e.g. an old CBC cipher to migrate also to newer clients step-by-step so
we can get rid of the old broken algorithms like CAST, DES and BF since
they won´t appear in the new advanced encryption section...
As an idea !?
Best,
Erik
next prev parent reply other threads:[~2020-11-23 9:14 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-11-22 16:30 ummeegge
2020-11-23 9:14 ` ummeegge [this message]
2020-11-23 14:28 ` Kienker, Fred
2020-11-23 14:52 ` ummeegge
2020-11-23 18:06 ` Michael Tremer
2020-11-26 18:47 ` ummeegge
2020-11-26 22:33 ` Adolf Belka
2020-11-27 7:20 ` ummeegge
2020-11-27 12:19 ` Adolf Belka
2020-11-27 13:23 ` ummeegge
2020-11-27 16:43 ` ummeegge
2020-11-27 12:40 ` Adolf Belka
2020-11-27 13:24 ` ummeegge
2020-11-28 5:52 ` ummeegge
2020-11-28 14:12 ` Adolf Belka
2020-11-28 16:00 ` Adolf Belka
2020-11-29 11:15 ` ummeegge
2020-11-29 13:12 ` Adolf Belka
2020-11-29 18:36 ` ummeegge
2020-11-23 11:41 ` Adolf Belka
2020-11-23 14:44 ` ummeegge
2020-11-23 18:00 ` Michael Tremer
2020-11-23 22:29 ` Adolf Belka
2020-11-24 15:27 ` ummeegge
2020-12-14 14:13 ` Michael Tremer
2020-12-14 14:09 ` Michael Tremer
2020-11-23 17:58 ` Michael Tremer
2020-11-23 19:49 ` ummeegge
2020-11-23 22:38 ` Adolf Belka
2020-11-25 17:10 ` ummeegge
2020-12-14 14:05 ` Michael Tremer
[not found] <92ba003d-a1a9-4f7e-0608-35ff42f64bf8@gmail.com>
2020-12-01 4:26 ` ummeegge
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=33ec9b952816a6fcb11111f289e95731f84600b7.camel@ipfire.org \
--to=ummeegge@ipfire.org \
--cc=development@lists.ipfire.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox