Hi, So my Debian machines are all using the follow cipher + digest: Cipher = chacha20-poly1305 Digest = blake2b512 However my OpenWRT router does not have chacha20-poly1305 and blake2b512 in its SSL library, so it uses the following: Cipher = aes-128-cbc Digest = sha512 I am a bit surprised that the router's tinc manages to talk to Debian's tinc, when I set a cipher suite that the router's SSL library does not recognise. I looked at the log, it triggers this line: https://github.com/gsliepen/tinc/blob/master/src/protocol_auth.c#L297 I am just wondering, what happens after metakey_h() returns false? Does tinc simply fall bacck to a more common cipher? Do the two clients neogiate what to fallback to? FF