openvpn: try to use CHACHA20-POLY1305 (if supported by the remote end) on routers without AES acceleration
1db48ac
Don't want to do that for legacy reasons, as a LOT of servers and clients out there still don't support GCM. Hence they are kept in but with a lower priority than the GCM ciphers, which will get used if the remote end supports it.
OpenVPN is not susceptible to POODLE. No official word regarding GOLDENDOODLE.
Keep in mind that these exploits are generally more problematic for open servers such as web servers. VPN servers require clients to be authenticated to be allowed to fully connect.
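The priority scheme described in the commit title and the comment above, as an added example that is not the firmware's own code: AEAD ciphers first, ChaCha20-Poly1305 leading only when the CPU lacks AES acceleration, and CBC kept last for legacy peers. The function names, the sample peers, the `aes` CPU-flag check and the first-match-in-local-order negotiation are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration; function names and sample peers are constructed.
AEAD_AES="AES-256-GCM:AES-128-GCM"
LEGACY="AES-256-CBC:AES-128-CBC"   # kept for old peers, always lowest priority

# build_cipher_list <cpu feature flags>
# Assumption: hardware AES shows up as an "aes" token in the CPU flags.
build_cipher_list() {
    case " $1 " in
        *" aes "*) echo "$AEAD_AES:CHACHA20-POLY1305:$LEGACY" ;;
        *)         echo "CHACHA20-POLY1305:$AEAD_AES:$LEGACY" ;;
    esac
}

# negotiate <local list> <remote list>
# Prints the first cipher in the local list that the remote also offers;
# returns 1 when the two lists share no cipher.
negotiate() {
    old_ifs=$IFS; IFS=:
    for c in $1; do
        case ":$2:" in
            *":$c:"*) IFS=$old_ifs; echo "$c"; return 0 ;;
        esac
    done
    IFS=$old_ifs
    return 1
}

# is_aead <cipher>: true for GCM and ChaCha20-Poly1305, false for CBC.
is_aead() {
    case "$1" in *-GCM|CHACHA20-POLY1305) return 0 ;; *) return 1 ;; esac
}

# Constructed sample peers: modern, GCM-only, and legacy CBC-only.
MODERN="AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305"
NO_CHACHA="AES-256-GCM:AES-128-GCM"
LEGACY_ONLY="AES-256-CBC"

for flags in "fp asimd aes pmull sha1" "half thumb fastmult edsp"; do
    list=$(build_cipher_list "$flags")
    for peer in "$MODERN" "$NO_CHACHA" "$LEGACY_ONLY"; do
        picked=$(negotiate "$list" "$peer") || { echo "no common cipher"; continue; }
        is_aead "$picked" && kind="AEAD" || kind="legacy CBC fallback, worth logging"
        echo "flags=[$flags] peer=[$peer] -> $picked ($kind)"
    done
done
```

A CBC cipher is selected only for the peer that offers nothing else, so logging that branch shows which remaining peers still depend on the legacy entries.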