"Cipher = none" doesn't seem to be working properly
Guus Sliepen
guus at tinc-vpn.org
Sun Aug 7 21:54:57 CEST 2011
On Sun, Aug 07, 2011 at 03:29:21PM -0400, Brian Prodoehl wrote:
> Thanks for the quick reply. You were right, that my traffic was going
> over TCP, and I wasn't aware of how the cipher setting only applied to
> UDP traffic.
>
> Is cipher "none" being removed from 1.1? With OpenSSL, you get this:
>
> tincd 1.1pre2 (Aug 7 2011 14:59:40) starting, debug level 0
> Unknown cipher name 'none'!
> Unrecognized cipher type!
> Terminating
Oh, that was not intentional. I will add that back.
> My understanding is that using gcrypt does not yet work for other
> reasons (although it would appear to support cipher "none", from
> inspecting the code).
It worked at some point, but since the elliptic curve crypto is in tinc 1.1 it
is not up to date anymore. I shall get to that at some point.
> Fixing the behavior to initialize incipher as NULL is easy, but that
> doesn't work with code like cipher_close(&n->incipher), which is just
> a wrapper for EVP_CIPHER_CTX_cleanup(). Is the expectation that I
> build OpenSSL with the eNULL cipher, and use that?
Hm, you might try that but I don't know if it will be compatible with nodes who
don't have that cipher compiled in. It depends on whether OpenSSL uses nid 0
for the NULL ciphers.
--
Met vriendelijke groet / with kind regards,
Guus Sliepen <guus at tinc-vpn.org>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20110807/3fc0016b/attachment.pgp>
More information about the tinc
mailing list