How does tinc handle "unknown cipher"?
Fufu Fang
fangfufu2003 at gmail.com
Thu Mar 5 06:10:44 CET 2020
Hi,
So my Debian machines are all using the following cipher + digest:
Cipher = chacha20-poly1305
Digest = blake2b512
However, my OpenWRT router does not have chacha20-poly1305 and
blake2b512 in its SSL library, so it uses the following:
Cipher = aes-128-cbc
Digest = sha512
I am a bit surprised that the router's tinc manages to talk to Debian's
tinc, when I set a cipher suite that the router's SSL library does not
recognise.
I looked at the log, it triggers this line:
https://github.com/gsliepen/tinc/blob/master/src/protocol_auth.c#L297
I am just wondering, what happens after metakey_h() returns false? Does
tinc simply fall back to a more common cipher? Do the two clients
negotiate what to fall back to?
FF