From: Antonio Quartulli
To: openvpn-devel@lists.sourceforge.net
Cc: Antonio Quartulli
Date: Sat, 4 Sep 2021 11:56:22 +0200
Message-Id: <20210904095629.6273-1-a@unstable.cc>
Subject: [Openvpn-devel] [PATCH 0/7] change defaults and introduce compat-mode
X-Patchwork-Submitter: Antonio Quartulli
X-Patchwork-Id: 1939

This patchset is basically Arne's patch "Modernise OpenVPN defaults and
introduce '--compat-mode'" divided into smaller patches in order to group
relevant changes together, make review easier and allow potential
reverting/bisecting in the future.

* Patch 1 is a restyling;
* Patch 2 introduces the knob to let users specify the version to be
  compatible with;
* Patches 3, 4, 5 and 6 change defaults and introduce related compat-mode
  values;
* Patch 7 adds a generic warning to let users know that defaults have changed
  and something may not behave as expected, unless compat-mode is used.

This change is an important milestone that will allow us to move our effort
onto supporting ovpn-dco.

Cheers,

Antonio Quartulli (7):
  simplify condition detecting pure P2P mode
  compat-mode: allow user to specify version to be compatible with
  reject compression by default
  do not include --cipher value in data-ciphers
  compat-mode: add --data-cipher-fallback automatically if requested
  set TLS 1.2 as minimum by default
  add message about changing default values

 Changes.rst                          |  23 ++++++
 doc/man-sections/generic-options.rst |  21 +++++
 src/openvpn/comp.h                   |   1 +
 src/openvpn/options.c                | 117 +++++++++++++++++++++++----
 src/openvpn/options.h                |   4 +
 src/openvpn/ssl_ncp.c                |  13 +++
 src/openvpn/ssl_ncp.h                |   8 ++
 7 files changed, 172 insertions(+), 15 deletions(-)