git.ipfire.org Git - thirdparty/openvpn.git/commit
Revise the cipher negotiation info about OpenVPN3 in the man page
author Arne Schwabe <arne@rfc2549.org>
Fri, 10 Feb 2023 14:27:10 +0000 (15:27 +0100)
committer Gert Doering <gert@greenie.muc.de>
Tue, 14 Feb 2023 13:42:50 +0000 (14:42 +0100)
commit 4da513d584b4e7521de5a47a95cc27fa8a342fd3
tree f77bd73e7b88836b75012e15a6342584be93a16f
parent 9719393b7cf94d37f3706ca32c02433e8578599b
Revise the cipher negotiation info about OpenVPN3 in the man page

Newer OpenVPN 3 core versions now allow limited configuration of ciphers:

    // Allow usage of legacy (cipher) algorithm that are no longer
    // considered safe
    // This includes BF-CBC, single DES and RC2 private key encryption.
    // With OpenSSL 3.0 this also instructs OpenSSL to load the legacy
    // provider.
    bool enableLegacyAlgorithms = false;

    // By default modern OpenVPN version (OpenVPN 2.6 and OpenVPN core
    // 3.7) will only allow
    // preferred algorithms (AES-GCM, Chacha20-Poly1305) that also work
    // with the newer DCO
    // implementations. If this is enabled, we fall back to allowing all
    // algorithms (if these are
    // supported by the crypto library)
    bool enableNonPreferredDCAlgorithms = false;

Adjust the man page section accordingly but only really mention the AEAD
ciphers to be always present and that they should be included in the
data-ciphers option.

Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20230210142712.572303-7-arne@rfc2549.org>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg26226.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
doc/man-sections/cipher-negotiation.rst
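
The advice in the commit message (keep the AEAD ciphers in `data-ciphers`) can be checked against a server configuration. The following is an added example, not part of this commit or of OpenVPN: it reports which OpenVPN 3 client setting each listed cipher would depend on. Assumptions: the concrete cipher names in `PREFERRED` and `LEGACY`, the mapping of every other cipher to `enableNonPreferredDCAlgorithms` (a reading of the quoted comments), and the two sample configs, which are constructed.

```python
import re

# Assumption: concrete cipher names chosen for the families the commit message names.
PREFERRED = {"AES-128-GCM", "AES-192-GCM", "AES-256-GCM", "CHACHA20-POLY1305"}
LEGACY = {"BF-CBC", "DES-CBC"}  # "BF-CBC, single DES"

def parse_data_ciphers(config_text):
    """Return the cipher list of the last data-ciphers directive, or None if absent."""
    ciphers = None
    for raw in config_text.splitlines():
        line = re.split(r"[#;]", raw, maxsplit=1)[0]  # drop comments
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "data-ciphers":
            # OpenVPN 2.6 accepts a leading '?' that marks a cipher as optional.
            ciphers = [c.lstrip("?").upper() for c in parts[1].split(":") if c]
    return ciphers

def classify(cipher):
    """Map a cipher to the OpenVPN 3 client setting it would depend on."""
    if cipher in PREFERRED:
        return "default"
    if cipher in LEGACY:
        return "enableLegacyAlgorithms"
    return "enableNonPreferredDCAlgorithms"

def audit(config_text):
    """Summarise whether a default OpenVPN 3 client finds a usable cipher."""
    ciphers = parse_data_ciphers(config_text)
    if ciphers is None:
        return {"set": False, "requires": {}, "default_client_ok": None}
    requires = {c: classify(c) for c in ciphers}
    return {"set": True, "requires": requires,
            "default_client_ok": "default" in requires.values()}

# Constructed sample configs (not taken from any real deployment).
SAMPLE_OLD = "port 1194\ndata-ciphers AES-256-CBC:BF-CBC  # pre-AEAD list\n"
SAMPLE_NEW = "port 1194\ndata-ciphers AES-256-GCM:?CHACHA20-POLY1305:AES-256-CBC\n"

if __name__ == "__main__":
    for name, cfg in (("old", SAMPLE_OLD), ("new", SAMPLE_NEW)):
        print(name, audit(cfg))
```

A `default_client_ok` of `False` means every listed cipher depends on a client-side opt-in, so a client left at the defaults quoted above has nothing to negotiate.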