Support for ChaCha20-Poly1305 and AES-128-GCM encryption with OpenVPN DCO
Copying from NG Redmine.
if_ovpn driver (in plus) and OpenVPN userspace now support ChaCha20-Poly1305 and AES-128-GCM with DCO, but the GUI does not allow these to be configured with DCO. Currently when DCO mode is enabled it forces the use of AES-256-GCM only.
The GUI will need to allow any combination of AES-256-GCM, AES-128-GCM, and ChaCha20-Poly1305 to be selected when DCO is enabled on an OpenVPN server or client.
Updated by Jim Pingle 3 months ago
- Status changed from In Progress to Feedback
- % Done changed from 0 to 100
The cipher selection list is no longer hidden in DCO mode.
When switching to DCO mode, the available cipher list is set to DCO compatible ciphers and any incompatible ciphers are removed from the list of selected ciphers. The fallback cipher list is also updated for DCO compatible ciphers in a similar way.
When switching out of DCO mode, the available cipher list are fallback cipher drop-downs are set back to all possible ciphers. Selected ciphers from DCO mode remain selected.