Opened 2 years ago
Last modified 17 months ago
#1313 new Bug / Defect
OCC warnings about cipher and auth mismatch are misleading
| Reported by: | Gert Döring | Owned by: | |
|---|---|---|---|
| Priority: | major | Milestone: | release 2.4.11 |
| Component: | Generic / unclassified | Version: | OpenVPN 2.4.9 (Community Ed) |
| Severity: | Not set (select this one, unless your'e a OpenVPN developer) | Keywords: | NCP, cipher, OCC, warning |
| Cc: | plaisthos, Steffan Karger |
Description
In a setup where NCP is active, a client might warn in its logfile about cipher mismatch (if it has a different cipher configured than the server), but it is of no consequences because NCP will do the right thing anyway.
I think this needs to be fixed - possibly by announcing NCP status in the OCC messages, and "if I have NCP and the other side has NCP, ignore mismatches in cipher and auth".
Or maybe "if I am NCP *capable* and the server has NCP *enabled*" (because 2.4 with --ncp-disable talking to a 2.5 server will still get a proper cipher back).
Change History (3)
comment:1 Changed 2 years ago by
| Milestone: | → release 2.4.10 |
|---|---|
| Version: | OpenVPN git master branch (Community Ed) → OpenVPN 2.4.9 (Community Ed) |
comment:2 Changed 2 years ago by
I am CC'ing myself but also want to add this link:
https://community.openvpn.net/openvpn/wiki/CipherNegotiation
OpenVPN 2.4 vs 2.5 (and 2.2/2.3) do have some differences but the final outcome is as optimal as possible.
comment:3 Changed 17 months ago by
| Milestone: | release 2.4.10 → release 2.4.11 |
|---|
So is there anything left to do for 2.4.11? Or close for good - issue is documented, fixed for 2.5, and search engines will find this thread?
I just learned that 2.5 will no longer print
cipherwarnings anyway (never, unconditionally). At least, as of today.So 2.4 remains...