On 09-04-2020 15:45, Johannes Bauer wrote:
> On 09.04.20 12:50, Jan Just Keijser wrote:
>> I'd rephrase that: not every advance in a TLS library does
>> automatically add that capability to OpenVPN.
>>
>> What I mean by that is that some of the newer algorithms in OpenSSL (or
>> mbedTLS) *DO* become available in OpenVPN automatically (e.g.
>> ARIA-256-GCM from OpenSSL 1.1.1). But you are absolutely right in the
>> sense that it is a shame that so many new developments in a crypto lib
>> (like GCM modes and AEAD ciphers) take such a long time to get added to
>> OpenVPN.
>> I don't quite grasp why chacha20 is not available in OpenVPN - it seems
>> to be "just another" AEAD cipher, but I am sure that Steffan can shed
>> light on this.
>
> Hm, interesting. Yeah from the API perspective I do not know why
> ChaCha20/Poly1305 should be different than any other AEAD stream cipher.
> Especially when you already have support for GCM, which essentially
> makes the underlying block cipher behave as a stream cipher, the API
> should be identical. Maybe I'm missing something here.

Already done. Will be part of the 2.5 release:
https://github.com/OpenVPN/openvpn/commit/6d0d0af

-Steffan