Changes between Initial Version and Version 7 of Ticket #879


Timestamp: 05/07/17 13:37:45 (7 years ago)
Author: Steffan Karger
Comment:

(Tuned the markup of the description a little.)

  • Ticket #879

    • Property Cc Steffan Karger added
    • Property Owner set to Steffan Karger
    • Property Status changed from new to accepted
  • Ticket #879 – Description

    initial v7  
    11These two issues happen only sometimes. The full server log is attached. Both issues might be related?
    22
    3 Issue #1:
     3Issue # 1:
    44extra_frame is -72 larger after each connection attempt and after a few times packets are discarded with "TCP/UDP packet too large on write".
    55
    66Some of the lines of the server log file:
     7{{{
    78MULTI: multi_create_instance called
    89Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
     
    1617Data Channel MTU parms [ L:1333 D:1333 EF:-167 EB:406 ET:0 EL:3 ]
    1718TCP/UDP packet too large on write to [AF_INET]1.2.3.4:1194 (tried=1419,max=1333)
     19}}}
    1820(A small ping still works.)
    1921
    20 Issue #2:
     22Issue # 2:
    2123Sometimes the PUSH_REPLY does not include the "cipher AES-256-GCM" which would switch the client away from the default BF-CBC to AES-256-GCM. Client and server use mismatching ciphers afterwards.
    2224
     
    2426
    2527Example for when client + server both establish AES-256-GCM:
     28{{{
    2629TLS: Username/Password authentication succeeded for username 'foo' [CN SET]
    2730TLS: move_session: dest=TM_ACTIVE src=TM_UNTRUSTED reinit_src=1
     
    3336Data Channel Encrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
    3437Data Channel Decrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
     38}}}
    3539
    3640Example for when client uses BF-CBC but server uses AES-256-GCM:
     41{{{
    3742TLS: Username/Password authentication succeeded for username 'foo' [CN SET]
    3843Data Channel Encrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
     
    4550SENT CONTROL [foo]: 'PUSH_REPLY,ping 45,route 3.2.1.69,route 3.2.1.72,route 3.2.1.44,route 10.144.0.1,topology net30,ifconfig 10.144.0.6 10.144.0.5,peer-id 0' (status=1)
    4651AEAD Decrypt error: cipher final failed
     52}}}
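
Added example (not part of the ticket and not OpenVPN code): a server-log check for the two symptoms described above. It flags a session whose PUSH_REPLY omits the cipher the server initialised, and an EF value that falls below the first one seen. The function names, the single-client session model and the sample log (built from the lines quoted above, plus one constructed PUSH_REPLY that carries the cipher option) are assumptions.

```python
import re

AUTH = re.compile(r"authentication succeeded for username '([^']*)'")
INIT = re.compile(r"Data Channel Encrypt: Cipher '([^']+)' initialized")
PUSH = re.compile(r"SENT CONTROL \[[^\]]*\]: 'PUSH_REPLY,([^']*)'")
MTU = re.compile(r"Data Channel MTU parms \[.*?\bEF:(-?\d+)")

def pushed_cipher(options):
    """Return the value of the 'cipher' option in a PUSH_REPLY, or None."""
    for opt in options.split(","):
        name, _, value = opt.strip().partition(" ")
        if name == "cipher":
            return value
    return None

def audit(lines):
    """Return (kind, detail) findings; assumes a single-client server log."""
    findings, sessions, baseline_ef = [], [], None
    for line in lines:
        if m := AUTH.search(line):  # each successful auth opens a new session
            sessions.append({"user": m[1], "server": None, "pushed": None, "reply": False})
        elif (m := INIT.search(line)) and sessions:  # cipher the server keyed
            sessions[-1]["server"] = m[1]
        elif (m := PUSH.search(line)) and sessions:  # cipher the client was told
            sessions[-1].update(reply=True, pushed=pushed_cipher(m[1]))
        elif m := MTU.search(line):  # issue 1: EF shrinking across attempts
            ef = int(m[1])
            baseline_ef = ef if baseline_ef is None else baseline_ef
            if ef < baseline_ef:
                findings.append(("extra-frame-drift", f"EF {baseline_ef} -> {ef}"))
        elif "AEAD Decrypt error" in line:
            findings.append(("aead-decrypt-error", line.strip()))
    for s in sessions:  # issue 2: compare per session, whatever the line order
        if s["reply"] and s["server"] and s["pushed"] != s["server"]:
            findings.append(("cipher-not-pushed", f"{s['user']}: server={s['server']} pushed={s['pushed']}"))
    return findings

# Constructed sample: lines from the ticket, shortened; the first PUSH_REPLY is made up.
SAMPLE = """\
Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
TLS: Username/Password authentication succeeded for username 'foo' [CN SET]
SENT CONTROL [foo]: 'PUSH_REPLY,ping 45,topology net30,peer-id 0,cipher AES-256-GCM' (status=1)
Data Channel Encrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
Data Channel MTU parms [ L:1333 D:1333 EF:-167 EB:406 ET:0 EL:3 ]
TLS: Username/Password authentication succeeded for username 'foo' [CN SET]
Data Channel Encrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
SENT CONTROL [foo]: 'PUSH_REPLY,ping 45,topology net30,peer-id 0' (status=1)
AEAD Decrypt error: cipher final failed
"""
```

Call `audit(SAMPLE.splitlines())` to see the three findings; on a log with several concurrent clients the sessions would have to be keyed by peer address instead.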