On 06-03-15 17:42, debbie...@gmail.com wrote: >>> Server Config: >>> tls-cipher >>> TLS-DHE-RSA-WITH-AES-256-CBC-SHA:DEFAULT:!EXP:!LOW:!PSK:!SRP:!kRSA >> >> Just use "tls-cipher DEFAULT:!EXP:!LOW:!PSK:!SRP:!kRSA", >> TLS-DHE-RSA-WITH-AES-256-CBC-SHA is ready part of DEFAULT. > > Specifying the actual cipher I want to use means that no other cipher > can be selected. > This is my desired configuration. I have full control of server and > clients. > > As for determining which desgnation each cipher currently is assigned, > IE: !LOW (not low):!PSK etc > I presume I can search the source for a reasonably simple assignment list. > Will try later .. > > However, for clarification, which item takes precedence ? > IE: DES-CFB1 64 bit default key (fixed) ... Verses ... !LOW > If a contradiction is itroduced is it reported and how is it resolved ?
If you know what you want, specifying a single cipher is fine too. In that case there is no need to add the DEFAULT:!EXP:!LOW:!PSK:!SRP:!kRSA part, as that will add more cipher suites to the list of allowed cipher suites. Next to specifying ciphers, OpenSSL support groups like 'DEFAULT' or 'LOW'. OpenVPN just forwards this list to OpenSSL, so take a look at their documentation for details: https://www.openssl.org/docs/apps/ciphers.html This page might not tell you everything you want to know, the full 'documentation' can be found here: https://github.com/openssl/openssl/blob/OpenSSL_1_0_2-stable/ssl/ssl_ciph.c#L1457 -Steffan ------------------------------------------------------------------------------ Dive into the World of Parallel Programming The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/ _______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
