On Thu, Dec 29, 2016 at 5:53 AM, Samuli Seppänen <sam...@openvpn.net> wrote:
> Hi,
>
> Any comments about the forwarded email? Is our documentation regarding
> "or-highest" correct?
>
> Samuli
>
>
> -------- Messaggio Inoltrato --------
> Oggetto: Re: [Openvpn-announce] OpenVPN 2.4.0 released
> Data: Tue, 27 Dec 2016 22:04:23 -0600
> Mittente: Michael French <m...@mpfrench.com>
> A: Samuli Seppänen <sam...@openvpn.net>
>
>
>
> Hi Samuli,
> I installed 2.4 on a couple Windows 7x64 computers and all seems well.
> I even got tls-crypt to work using the old ta.key file on both client
> and server.
>
> However, I noticed in the documentation for 2.4 that the parameter
> tls-version-min is supposed to work with the 'or-highest' option, but it
> does not.
>
> I wish that it did work because I always want to run with the most
> secure version of TLS and the 'or-highest' option would save me the
> trouble of manually editing the TLS number every time it changes.
>
I too find this option somewhat counter-intuitive. I think you can
effectively get it set to the highest available version by specifying an
insanely large number as the first parameter. For example,
--tls-version-min 5.0 or-highest
As 5.0 is larger than any available versions, the minimum will get set to
the highest available (say 1.2).
However, that will also make it impossible to connect to a server that
doesn't support the said version.
Selva
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel