Re: [Openvpn-users] [ext] WARNING: 'auth' is used inconsistently, local='auth [null-digest]', remote='auth SHA256'

[Gert D. <ge...@gr...>]

Hi,

On Thu, Oct 29, 2020 at 03:21:54PM +0100, Ralf Hildebrandt wrote:
> tl;dr: client and server negotiate a GCM (Galois/Counter Mode) cipher
> (AES-GCM), and those ciphers includes a HMAC, thus the specified AUTH
> isn't really being used. 

True, but this "config mismatch warning" stuff should actually
be checked before GCM is negotiated, so there *should* not be a
mismatch if both sides have it in their config.

We should not log annoying warnings unless there is something
actionable for the users ("stop using BF-CBC"), so this is something
we should look into fixing.

gert

-- 
"If was one thing all people took for granted, was conviction that if you 
 feed honest figures into a computer, honest figures come out. Never doubted 
 it myself till I met a computer with a sense of humor."
                             Robert A. Heinlein, The Moon is a Harsh Mistress

Gert Doering - Munich, Germany                             ge...@gr...