I'd NACK this patch : the default behaviour of OpenVPN should be independent of the SSL implementation.
JJK Adriaan de Jong wrote: > Signed-off-by: Adriaan de Jong <dej...@fox-it.com> > --- > options.c | 5 +++++ > 1 files changed, 5 insertions(+), 0 deletions(-) > > diff --git a/options.c b/options.c > index 39e7a57..d917072 100644 > --- a/options.c > +++ b/options.c > @@ -810,7 +810,12 @@ init_options (struct options *o, const bool init_gc) > o->server_poll_timeout = 0; > #endif > #ifdef USE_CRYPTO > +#ifdef USE_OPENSSL > o->ciphername = "BF-CBC"; > +#endif > +#ifdef USE_POLARSSL > + o->ciphername = "AES-128-CBC"; > +#endif > o->ciphername_defined = true; > o->authname = "SHA1"; > o->authname_defined = true; >
