"Cipher = none" doesn't seem to be working properly
Brian Prodoehl
bprodoehl at gmail.com
Sun Aug 7 21:57:35 CEST 2011
On Sun, Aug 7, 2011 at 3:54 PM, Guus Sliepen <guus at tinc-vpn.org> wrote:
> On Sun, Aug 07, 2011 at 03:29:21PM -0400, Brian Prodoehl wrote:
>
>> Thanks for the quick reply. You were right, that my traffic was going
>> over TCP, and I wasn't aware of how the cipher setting only applied to
>> UDP traffic.
>>
>> Is cipher "none" being removed from 1.1? With OpenSSL, you get this:
>>
>> tincd 1.1pre2 (Aug 7 2011 14:59:40) starting, debug level 0
>> Unknown cipher name 'none'!
>> Unrecognized cipher type!
>> Terminating
>
> Oh, that was not intentional. I will add that back.
>
>> My understanding is that using gcrypt does not yet work for other
>> reasons (although it would appear to support cipher "none", from
>> inspecting the code).
>
> It worked at some point, but since the elliptic curve crypto is in tinc 1.1 it
> is not up to date anymore. I shall get to that at some point.
>
>> Fixing the behavior to initialize incipher as NULL is easy, but that
>> doesn't work with code like cipher_close(&n->incipher), which is just
>> a wrapper for EVP_CIPHER_CTX_cleanup(). Is the expectation that I
>> build OpenSSL with the eNULL cipher, and use that?
>
> Hm, you might try that but I don't know if it will be compatible with nodes who
> don't have that cipher compiled in. It depends on whether OpenSSL uses nid 0
> for the NULL ciphers.
I'm trying OpenSSL's NULL cipher now. I have the advantage of not
needing to be backwards compatible, so hopefully this just works.
More information about the tinc
mailing list