Dmitry Melekhov
2017-04-14 19:25:04 UTC
Hello!
I just wrote this on a 2.4.1 server
ncp-ciphers AES-256-CBC:AES-256-GCM:AES-128-GCM
by mistake and then could not connect using a 2.4.1 client,
because the server pushed AES-256-CBC to the client and it is not in the
default client ncp-ciphers list.
Yes, this is documented:
"For servers, the first cipher from cipher_list will be pushed to
clients that support cipher negotiation.", but is it really negotiation
if the server pushes only one cipher to the client, and there are two ciphers
in the lists on client and server that they could use, and there is no
connection because the server chooses only the first from its list? :-(
I guess negotiation is choosing a cipher from both sides' lists...
Thank you!
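
The mismatch described in the message above, as an added example that is not part of the original post and is not OpenVPN code: it models the documented "push the first cipher" rule next to the both-lists selection the poster expected, and checks a server config for the problem. The function names are hypothetical, and the client default list AES-256-GCM:AES-128-GCM is an assumption consistent with the post.

```python
# Added example: a model of the behaviour described in the post, not OpenVPN code.
# Assumption: the 2.4 client default list is AES-256-GCM:AES-128-GCM.
CLIENT_DEFAULT_NCP = "AES-256-GCM:AES-128-GCM"


def parse_ncp(cipher_list):
    """Split a colon-separated ncp-ciphers value into an ordered list."""
    return [c for c in cipher_list.strip().split(":") if c]


def server_push(server_list, client_list=CLIENT_DEFAULT_NCP):
    """Documented behaviour: the server pushes only its first cipher.
    Returns that cipher if the client lists it, else None (no connection)."""
    server = parse_ncp(server_list)
    if not server:
        return None
    return server[0] if server[0] in parse_ncp(client_list) else None


def mutual_choice(server_list, client_list=CLIENT_DEFAULT_NCP):
    """What the poster expected: first server cipher that is on both lists."""
    client = set(parse_ncp(client_list))
    return next((c for c in parse_ncp(server_list) if c in client), None)


def lint_server_config(text, client_list=CLIENT_DEFAULT_NCP):
    """Warn about ncp-ciphers lines whose first entry the client would reject."""
    warnings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop trailing '#' comments
        if len(fields) != 2 or fields[0] != "ncp-ciphers":
            continue
        if server_push(fields[1], client_list) is None:
            first = (parse_ncp(fields[1]) or ["<empty>"])[0]
            shared = mutual_choice(fields[1], client_list)
            hint = f"move {shared} to the front" if shared else "no shared cipher"
            warnings.append(f"line {lineno}: {first} would be pushed; {hint}")
    return warnings


# Constructed sample config containing the line from the post.
SAMPLE = """port 1194
proto udp
ncp-ciphers AES-256-CBC:AES-256-GCM:AES-128-GCM
"""

if __name__ == "__main__":
    for warning in lint_server_config(SAMPLE):
        print(warning)
```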