[Ach] reverted 41091bb2c3fe5396d6c8d9261236068a12726f91

Thu Dec 26 10:08:09 CET 2013

On Thu, Dec 26, 2013 at 12:36:15AM +0100, Aaron Zauner wrote:
> BTW. how should we approach the OpenVPN thing? 

I don't see many options -- the problem is:

a) since 2.3.1 it accepts IANA and OpenSSL cipher names, but only in
   the form of lists of cipher suites, not the "extended" OpenSSL
   syntax like we use it (with the "+" and "!" etc). That means we
   need to give an explicit list.

b) the maximum line lenght in the config file is 256 characters (or
   was it 255)? That means the whole expanded "Configuration B" line
   doesn't fit, but the same list with the EC ciphers removed does fit
   and even leaves about 10 bytes free.

I'm happy for suggestions...

cm.

-- 
Christian Mock                          Wiedner Hauptstr. 15
Senior Security Engineer                1040 Wien
CoreTEC IT Security Solutions GmbH      +43-1-5037273
FN 214709 z

.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.
CoreTEC: Web Application Audit - Damit so etwas nicht passiert!

http://heise.de/-1260559

.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.