Encryption algorithm (deprecated)

Started by geek, May 20, 2023, 07:05:07 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
May 20, 2023, 07:05:07 PM
While making a new openvpn server in Opnsense (road warrior / remote access)
I saw "Encryption Algorithm" had a text saying "depcrecated"
with the following line:

"Cipher selection for older clients. Only preserved for backwards compatibility reasons."

Does that mean that it will auto negotiate select the encryption algorithm when the client connects to the openvpn server on opnsense? (for a while I thought encryption altogether is disabled, but that seemed silly :P)
May 20, 2023, 08:25:03 PM #1
The client and the server will negotiate the "best" encryption both sides support for some value of "best". If the client only supports deprecated algorithms and you disable this selection on the server side, a connection will not be established. If you enable it this client will be able to establish a connection with possibly broken algorithms.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
Print
Go Up Pages1
User actions