[Ach] reverted 41091bb2c3fe5396d6c8d9261236068a12726f91

Adi Kriegisch adi at kriegisch.at
Fri Dec 27 21:02:27 CET 2013


Hi!

> b) the maximum line length in the config file is 256 characters (or
>    was it 255)? That means the whole expanded "Configuration B" line
>    doesn't fit, but the same list with the EC ciphers removed does fit
>    and even leaves about 10 bytes free.
> 
> I'm happy for suggestions...
I think the whole cipherB string isn't necessary at all: it is meant for
a diverse set of clients to provide a good level of compatibility. OpenVPN
only needs to be able to talk to OpenVPN -- but in a backwards compatible
way allowing older client versions to connect too. So, I think recommending
just one or two DHE-AES (256 or 128 bit?) ciphers and probably add some
ECDHE ciphers (just like in cipherA). AFAIK older versions of OpenVPN do
not support TLSv1.2, so directly using cipherA isn't possible.

-- Adi