2017-06-30 05:27:14 UTC
I have a question regarding the default behaviour of the ncp-ciphers option on the server.
In the example, both client and server use OpenVPN 2.4.0.
If the server does not explicitly define the `ncp-ciphers` option in the configuration, just `cipher AES-128-CBC`, I assume the default of the `ncp-ciphers` is enabled (AES-256-GCM:AES-128-GCM), right?
The client has the option `cipher AES-128-CBC` defined, but also uses `ncp-disable`. This connection should work fine, as both ciphers match.
If the client changes the cipher to `cipher AES-256-GCM`(or AES-128-GCM), but keeps the `ncp-disable` in its configuration and then reconnects to the same server,
would the connection succeed, due to the server having the cipher in the `ncp-ciphers` default list, or would it fail due to a cipher mismatch?
Thank you for the help,