Menu
▾
▴
Re: [Openvpn-users] How to continue operation with comp-lzo and/or migrate from it?
|
From: Eike L. <e.l...@ic...> - 2024-07-01 07:14:13
|
Dear Devs, what is the state of --compress migrate? Thank you. Am 18.06.24 um 12:52 schrieb Eike Lohmann: > > Dear listusers, > > on a flavor we have > > - clients with comp-lzo in their local config and we have no access to > this clients. (can't change it) > > - very old clients below 2.3 (no peer info) > > - also "modern" clients of all versions 2.3.2 - 3.8.5 > > > Our minimum Cipher is AES-256-CBC as fallback, when does AES-256-CBC > is supported by openvpn? It could reveal the minimum client version. > > > --allow-compression asym > > can be set, but clients will still compress. Clients without, can't > connect. > > > --compress migrate > > clients > 2.3 get pushed "stub-v2" all other "comp-lzo no". > > What happens to clients wich does not support it? e.g. 2.2.x > > This parameter is not documented in the reference manual, it is still > supported in 2.6 and how long it may be supported? > > > What could be the best way to operate it with a little attack surface > (voracle) but remaining compatibility for old clients? > > > Thanks for all information on this topic. > > > > > > > _______________________________________________ > Openvpn-users mailing list > Ope...@li... > https://lists.sourceforge.net/lists/listinfo/openvpn-users |
