Changes between Initial Version and Version 7 of Ticket #879
- Timestamp:
- 05/07/17 13:37:45 (8 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
Ticket #879
- Property Cc Steffan Karger added
- Property Owner set to Steffan Karger
-
Property
Status
changed from
new
toaccepted
-
Ticket #879 – Description
initial v7 1 1 Theses two issues happen only sometimes. The full server log is attached. Both issues might be related? 2 2 3 Issue # 1:3 Issue # 1: 4 4 extra_frame is -72 larger after each connection attempt and after a few times packets are discarded with "TCP/UDP packet too large on write". 5 5 6 6 Some of the lines of the server log file: 7 {{{ 7 8 MULTI: multi_create_instance called 8 9 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ] … … 16 17 Data Channel MTU parms [ L:1333 D:1333 EF:-167 EB:406 ET:0 EL:3 ] 17 18 TCP/UDP packet too large on write to [AF_INET]1.2.3.4:1194 (tried=1419,max=1333) 19 }}} 18 20 (A small ping still works.) 19 21 20 Issue # 2:22 Issue # 2: 21 23 Sometimes the PUSH_REPLY does not include the "cipher AES-256-GCM" which would switch the client away from the default BF-CBC to AES-256-GCM. Client and server use mismatching ciphers afterwards. 22 24 … … 24 26 25 27 Example for when client + server both establish AES-256-GCM: 28 {{{ 26 29 TLS: Username/Password authentication succeeded for username 'foo' [CN SET] 27 30 TLS: move_session: dest=TM_ACTIVE src=TM_UNTRUSTED reinit_src=1 … … 33 36 Data Channel Encrypt: Cipher 'AES-256-GCM' initialized with 256 bit key 34 37 Data Channel Decrypt: Cipher 'AES-256-GCM' initialized with 256 bit key 38 }}} 35 39 36 40 Example for when client uses BF-CBC but server uses AES-256-GCM: 41 {{{ 37 42 TLS: Username/Password authentication succeeded for username 'foo' [CN SET] 38 43 Data Channel Encrypt: Cipher 'AES-256-GCM' initialized with 256 bit key … … 45 50 SENT CONTROL [foo]: 'PUSH_REPLY,ping 45,route 3.2.1.69,route 3.2.1.72,route 3.2.1.44,route 10.144.0.1,topology net30,ifconfig 10.144.0.6 10.144.0.5,peer-id 0' (status=1) 46 51 AEAD Decrypt error: cipher final failed 52 }}}