Opened 2 years ago
Last modified 22 months ago
#1313 new Bug / Defect
OCC warnings about cipher and auth mismatch are misleading
Reported by: | Gert Döring | Owned by: | |
---|---|---|---|
Priority: | major | Milestone: | release 2.4.11 |
Component: | Generic / unclassified | Version: | OpenVPN 2.4.9 (Community Ed) |
Severity: | Not set (select this one, unless you're an OpenVPN developer) | Keywords: | NCP, cipher, OCC, warning |
Cc: | plaisthos, Steffan Karger |
Description
In a setup where NCP is active, a client might warn in its logfile about cipher mismatch (if it has a different cipher configured than the server), but it is of no consequence because NCP will do the right thing anyway.
I think this needs to be fixed - possibly by announcing NCP status in the OCC messages, and "if I have NCP and the other side has NCP, ignore mismatches in cipher and auth".
Or maybe "if I am NCP *capable* and the server has NCP *enabled*" (because 2.4 with --ncp-disable talking to a 2.5 server will still get a proper cipher back).
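The suppression rule proposed in the description, sketched in C as an added example (not part of the ticket and not OpenVPN's own code). `occ_get` and `occ_crypto_warnings` are hypothetical helpers, the options strings are constructed samples in the comma-separated OCC format, and how each side learns the two NCP flags is assumed to happen elsewhere.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample OCC options strings (not captured from a real session). */
static const char SAMPLE_LOCAL[]  = "V4,dev-type tun,proto UDPv4,cipher AES-256-CBC,auth SHA1";
static const char SAMPLE_REMOTE[] = "V4,dev-type tun,proto UDPv4,cipher AES-128-CBC,auth SHA256";

/* Copy the value of option `key` from an options string into out; false if absent.
 * Matches whole option names only, so "auth" does not match "auth-nocache". */
static bool occ_get(const char *opts, const char *key, char *out, size_t outlen)
{
    size_t klen = strlen(key);
    for (const char *p = opts; p && *p; ) {
        const char *end = strchr(p, ',');
        size_t len = end ? (size_t)(end - p) : strlen(p);
        if (len > klen && strncmp(p, key, klen) == 0 && p[klen] == ' ') {
            size_t vlen = len - klen - 1;
            if (vlen >= outlen) vlen = outlen - 1;
            memcpy(out, p + klen + 1, vlen);
            out[vlen] = '\0';
            return true;
        }
        p = end ? end + 1 : NULL;
    }
    return false;
}

/* Hypothetical policy (second variant in the ticket): report no cipher/auth
 * mismatch when the local side is NCP capable and the peer has NCP enabled,
 * because the negotiated cipher is used regardless of the configured one. */
int occ_crypto_warnings(const char *local, const char *remote,
                        bool local_ncp_capable, bool peer_ncp_enabled)
{
    static const char *keys[] = { "cipher", "auth" };
    char l[64], r[64];
    int warnings = 0;
    if (local_ncp_capable && peer_ncp_enabled)
        return 0;
    for (size_t i = 0; i < sizeof(keys) / sizeof(keys[0]); i++) {
        bool hl = occ_get(local, keys[i], l, sizeof(l));
        bool hr = occ_get(remote, keys[i], r, sizeof(r));
        if (hl != hr || (hl && strcmp(l, r) != 0))
            warnings++;   /* the caller would log one mismatch warning here */
    }
    return warnings;
}

int main(void)
{
    printf("no NCP: %d, NCP active: %d\n",
           occ_crypto_warnings(SAMPLE_LOCAL, SAMPLE_REMOTE, false, false),
           occ_crypto_warnings(SAMPLE_LOCAL, SAMPLE_REMOTE, true, true));
    return 0;
}
```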
Change History (3)
comment:1 Changed 2 years ago by
Milestone: | → release 2.4.10 |
---|---|
Version: | OpenVPN git master branch (Community Ed) → OpenVPN 2.4.9 (Community Ed) |
comment:2 Changed 2 years ago by
I am CC'ing myself but also want to add this link:
https://community.openvpn.net/openvpn/wiki/CipherNegotiation
OpenVPN 2.4 vs 2.5 (and 2.2/2.3) do have some differences but the final outcome is as optimal as possible.
comment:3 Changed 22 months ago by
Milestone: | release 2.4.10 → release 2.4.11 |
---|
So is there anything left to do for 2.4.11? Or close for good - issue is documented, fixed for 2.5, and search engines will find this thread?
I just learned that 2.5 will no longer print cipher warnings anyway (never, unconditionally). At least, as of today. So 2.4 remains...