[Ach] reverted 41091bb2c3fe5396d6c8d9261236068a12726f91

christian mock cm at coretec.at
Fri Dec 27 23:45:34 CET 2013

On Fri, Dec 27, 2013 at 09:02:27PM +0100, Adi Kriegisch wrote:

> I think the whole cipherB string isn't necessary at all: it is meant for
> a diverse set of clients to provide a good level of compatibility. OpenVPN
> only needs to be able to talk to OpenVPN -- but in a backwards compatible
> way allowing older client versions to connect too. So, I think recommending
> just one or two DHE-AES (256 or 128 bit?) ciphers and probably add some

And client versions compiled with different openssl versions, and
client versions on differing OSes/distributions, so in the end a
longer list of suites may be required. 

So I think the more-or-less config B as we have it now is OK.


Christian Mock                          Wiedner Hauptstr. 15
Senior Security Engineer                1040 Wien
CoreTEC IT Security Solutions GmbH      +43-1-5037273
FN 214709 z

CoreTEC: Web Application Audit - So that something like this doesn't happen!


