More precision concerning the use of "auth"

From the OpenVPN wiki:

>Authenticate data channel packets and (if enabled) tls-auth control channel packets with HMAC using message digest algorithm alg. (The default is SHA1). HMAC is a commonly used message authentication algorithm (MAC) that uses a data string, a secure hash algorithm, and a key, to produce a digital signature.

>If an AEAD cipher mode (e.g. GCM) is chosen, the specified --auth algorithm is ignored for the data channel, and the authentication method of the AEAD cipher is used instead. Note that alg still specifies the digest used for tls-auth.

TL;DR: if we're using an AEAD cipher (AES GCM), `auth alg` won't have an impact on the impact channel, but only on the control channel if tls-auth/tls-crypt is enabled.
Angristan 2017-09-17 11:11:08 +02:00 committed by GitHub
parent d5e8a69426
commit 4ec6e24e81

@ -424,7 +424,13 @@ else
;;
esac
fi
echo "Choose which HMAC authentication algorithm you want to use"
if [[ $CIPHER != "1" && $CIPHER != "2" && $CIPHER != "3" ]]; then
echo "Choose which message digest algorithm you want to use for the tls-auth/tls-crypt control channel packets:"
fi
if [[ $CIPHER != "4" && $CIPHER != "5" && $CIPHER != "6" ]]; then
echo "Choose which message digest algorithm you want to use for the data channel packets"
echo "and the tls-auth/tls-crypt control channel packets:"
fi
echo " 1) SHA-256"
echo " 2) SHA-384 (recommended)"
echo " 3) SHA-512"
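
Review bot: The two new `if` tests on `$CIPHER` are independent negations, so they are not mutually exclusive: any value outside 1 to 6 (an empty or unset `$CIPHER` included) passes both and prints both prompts back to back. A single `case "$CIPHER" in 4|5|6) ... ;; *) ... ;; esac`, or one `if`/`else` on a positive match, would guarantee exactly one prompt. The bare numbers also couple this block to the ordering of the cipher menu earlier in the script, which is not visible here; a short comment stating which entries are the AEAD (GCM) choices, presumably 4 to 6 since those get the control-channel-only wording, would keep the prompt correct if that menu is ever reordered or extended.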