On 20/07/17 13:55, Alexander Ploumistos wrote:
On Thu, Jul 20, 2017 at 2:21 PM, David Sommerseth
<dazo(a)eurephia.org> wrote:
> I rather prefer to have this change in Fedora _now_ in a _planned_
> release where this can be tested out before the final F27 is released.
I modified the unit file on a F26 VPS and I didn't have any problems
connecting with F24, F25, F26, a gentoo installation that hasn't been
updated in almost a year, OpenWrt (CC) and Android (Lineage OS 14.1).
Not that this is exhaustive testing, but I think this change is a lot
less pervasive than it is made out to be.
Thank you very much for this testing! This is truly a valuable feedback.
And you are right, this shouldn't be such a risky or invasive change at
all - as it should provide the needed fallback to not break existing
configurations; which you seem to have confirmed as well.
But I wanted to make this change visible in Fedora, both due to there
were complaints when updating to OpenVPN v2.4 which broke some
configurations (several reasons, I won't dive into that now) - and to
highlight that there is now a way to seamlessly update client
configurations one-by-one to a far better cipher for those still using
BF-CBC.
--
kind regards,
David Sommerseth