diff options
author | Arne Schwabe | 2023-02-14 12:20:44 +0100 |
---|---|---|
committer | Gert Doering | 2023-03-03 17:30:30 +0100 |
commit | 7538557108f6add04f835eb161cb0a33610c6b14 (patch) | |
tree | 765d06364f71bfa16385e7a26b397c52b4399f0a /src/openvpn/crypto.c | |
parent | 7fdf3e7ad711e1583e960798848c7d7f94e1ad8a (diff) | |
download | openvpn-7538557108f6add04f835eb161cb0a33610c6b14.zip openvpn-7538557108f6add04f835eb161cb0a33610c6b14.tar.gz |
Reduce initialisation spam from verb <= 3 and print summary instead
The messages about cipher initialisation are currently very noisy,
especially if tls-auth/tls-crypt is in use.
Typically messages like this is display for AES-256-CBC with SHA256:
Outgoing Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
Outgoing Data Channel: Using 256 bit message hash 'SHA256' for HMAC authentication
Incoming Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
Incoming Data Channel: Using 256 bit message hash 'SHA256' for HMAC authentication
in addition to the tls-crypt/tls-auth messages that has the amount of
messages.
These message are not that helpful. The only meaningful information is
better suited in compat messages. This commit moves the spammy messages
to verb 4 and consistently prints out the cipher/auth used in the data
channel instead on verb 2:
Data Channel: cipher 'AES-256-CBC' auth 'SHA256'
This patches also summarises other aspects of the imported options for VPN
connection and prints them (even if not coming from pulled options):
Data Channel: cipher 'AES-256-GCM'
Timers: ping 8, ping-restart 40
Protocol options: explicit-exit-notify 1, protocol-flags tls-ekm
And move the OPTIONS IMPORT: xx modified that are included in the new
messages to D_PUSH_DEBUG (verb 7) since they do not add any useful
information anymore.
Patch v2: also compile with compression disabled
Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20230214112044.1021962-1-arne@rfc2549.org>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg26249.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit c333a0c05f9d454efb38fc04c1dca1413bfc48ff)
Diffstat (limited to 'src/openvpn/crypto.c')
-rw-r--r-- | src/openvpn/crypto.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c index 073f47e..5e1c495 100644 --- a/src/openvpn/crypto.c +++ b/src/openvpn/crypto.c @@ -835,7 +835,7 @@ init_key_ctx(struct key_ctx *ctx, const struct key *key, cipher_ctx_init(ctx->cipher, key->cipher, kt->cipher, enc); const char *ciphername = cipher_kt_name(kt->cipher); - msg(D_HANDSHAKE, "%s: Cipher '%s' initialized with %d bit key", + msg(D_CIPHER_INIT, "%s: Cipher '%s' initialized with %d bit key", prefix, ciphername, cipher_kt_key_size(kt->cipher) * 8); dmsg(D_SHOW_KEYS, "%s: CIPHER KEY: %s", prefix, @@ -850,7 +850,7 @@ init_key_ctx(struct key_ctx *ctx, const struct key *key, ctx->hmac = hmac_ctx_new(); hmac_ctx_init(ctx->hmac, key->hmac, kt->digest); - msg(D_HANDSHAKE, + msg(D_CIPHER_INIT, "%s: Using %d bit message hash '%s' for HMAC authentication", prefix, md_kt_size(kt->digest) * 8, md_kt_name(kt->digest)); |