On 20/07/17 13:55, Alexander Ploumistos wrote: > On Thu, Jul 20, 2017 at 2:21 PM, David Sommerseth <dazo@xxxxxxxxxxxx> wrote: >> I rather prefer to have this change in Fedora _now_ in a _planned_ >> release where this can be tested out before the final F27 is released. > > I modified the unit file on a F26 VPS and I didn't have any problems > connecting with F24, F25, F26, a gentoo installation that hasn't been > updated in almost a year, OpenWrt (CC) and Android (Lineage OS 14.1). > Not that this is exhaustive testing, but I think this change is a lot > less pervasive than it is made out to be. Thank you very much for this testing! This is truly a valuable feedback. And you are right, this shouldn't be such a risky or invasive change at all - as it should provide the needed fallback to not break existing configurations; which you seem to have confirmed as well. But I wanted to make this change visible in Fedora, both due to there were complaints when updating to OpenVPN v2.4 which broke some configurations (several reasons, I won't dive into that now) - and to highlight that there is now a way to seamlessly update client configurations one-by-one to a far better cipher for those still using BF-CBC. -- kind regards, David Sommerseth _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
