Opened 8 years ago
Closed 8 years ago
#762 closed Feature Wish (fixed)
want [AEAD] notice in log
Reported by: | Gert Döring | Owned by: | Gert Döring |
---|---|---|---|
Priority: | major | Milestone: | release 2.4 |
Component: | Generic / unclassified | Version: | OpenVPN 2.4_alpha2 (Community Ed) |
Severity: | Not set (select this one, unless your'e a OpenVPN developer) | Keywords: | |
Cc: |
Description
This client refuses to do NCP...
Nov 7 11:35:34 fbsd93 openvpn[93232]: OpenVPN 2.4_alpha2 amd64-portbld-freebsd9.3 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [IPv6] built on Nov 6 2016 Nov 7 11:35:34 fbsd93 openvpn[93232]: library versions: OpenSSL 0.9.8zh-freebsd 3 Dec 2015, LZO 2.09
and unless one *knows* that this openssl version is old enough to not have the needed bits for AEAD, it's a bit tricky to debug why it ends up with
Nov 7 11:35:36 fbsd93 openvpn[93233]: WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
feature wanted!
Change History (2)
comment:1 Changed 8 years ago by
Owner: | set to Gert Döring |
---|---|
Status: | new → accepted |
comment:2 Changed 8 years ago by
Resolution: | → fixed |
---|---|
Status: | accepted → closed |
Note: See
TracTickets for help on using
tickets.
commit 2391a3ab08227a061a7f561e26b9688f6ba80e70
Author: Gert Doering
Date: Mon Nov 7 11:50:52 2016 +0100
... that was a quick one :)