This fixes the bug of supporting --no-iv (since we're only accepting
bugfixes in the current release phase ;) ).
The --no-iv function decreases security if used (CBC *requires*
unpredictable IVs, other modes don't allow --no-iv at all), and even
marginally decreases other users' security by adding unwanted
complexity to our code.
Let's get rid of this.
Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: Gert Doering <gert@greenie.muc.de>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: <1481138447-6292-1-git-send-email-steffan@karger.me>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13430.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
X.509 subject formatting must be updated to the standardized formatting. See
the man page for more information.
+- ``--no-iv`` is deprecated in 2.4 and will be remove in 2.5.
+
User-visible Changes
--------------------
- For certificate DNs with duplicate fields, e.g. "OU=one,OU=two", both fields
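Review bot: typo in the added Changes.rst entry: "will be remove in 2.5" should read "will be removed in 2.5". The entry also gives no reason for the deprecation; a short clause such as "because CBC mode requires unpredictable IVs" would tell users upgrading from older configs why they should drop the option now rather than wait for 2.5.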
.\"*********************************************************
.TP
.B \-\-no\-iv
+
+.B DEPRECATED
+This option will be removed in OpenVPN 2.5.
+
(Advanced) Disable OpenVPN's use of IV (cipher initialization vector).
Don't use this option unless you are prepared to make
a tradeoff of greater efficiency in exchange for less
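Review bot: the new DEPRECATED notice sits directly above unchanged text that still presents the option as "a tradeoff of greater efficiency in exchange for less ...", so the man page entry now both deprecates the option and describes it as a tuning choice. Suggest adding one sentence to the notice stating that the option reduces security (the commit message already has the reasoning: CBC requires unpredictable IVs), or trimming the old description so the entry reads consistently.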
{
msg (M_USAGE, "--no-iv not allowed when NCP is enabled.");
}
+ if (!options->use_iv)
+ {
+ msg (M_WARN, "WARNING: --no-iv is deprecated and will be removed in 2.5");
+ }
/*
* Check consistency of replay options
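Review bot: the M_WARN text in the added `if (!options->use_iv)` block only says the option "is deprecated and will be removed in 2.5"; it does not say that using it weakens security or what to do about it. Suggest wording along the lines of "WARNING: --no-iv is deprecated, reduces security, and will be removed in OpenVPN 2.5; remove it from your configuration", which also matches the "OpenVPN 2.5" wording used in the man page hunk.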