From: Arne S. <ar...@rf...> - 2013-06-12 21:08:41
On 12.06.13 21:38, James Yonan wrote:

About finding out which cipher client and server use. I am not really familiar with this code so forgive my stupid question. TLS somehow also does this "select the best cipher to use" dance. Why can't we use the TLS mechanism but have to use our own IV_CIPHER?

> Suppose I want to put this directive in the config files I distribute to
> clients, but have it be ignored by older clients that don't recognize
> it. I could do this as follows on the client:
>
>   setenv opt tls-version-min 1.2

I suppose this is a good idea to also support older clients. I would like to *additionally* add a way to support this in a nicer way for a future release. Like also adding an option

  ignore-unknown-options tls-version new-cool-option

so newer can some day still be written with having to use "setenv opt"

Loosely related, this would also allow to give use a "default" set of options that can be ignored (ip-win32 on *nix)

Arne