From: Magnus Kroken Date: Sat, 15 Aug 2020 12:05:22 +0000 (+0200) Subject: doc: fix typos in cipher-negotiation.rst X-Git-Tag: v2.6_beta1~722 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=e33f44754a5f81ea013070dba3cdc162f41d1257;p=thirdparty%2Fopenvpn.git doc: fix typos in cipher-negotiation.rst Signed-off-by: Magnus Kroken Acked-by: Gert Doering Message-Id: <20200815120522.1404-3-mkroken@gmail.com> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg20748.html Signed-off-by: Gert Doering --- diff --git a/doc/man-sections/cipher-negotiation.rst b/doc/man-sections/cipher-negotiation.rst index f14330523..a2feb5f9c 100644 --- a/doc/man-sections/cipher-negotiation.rst +++ b/doc/man-sections/cipher-negotiation.rst @@ -38,7 +38,7 @@ options to avoid this behaviour. OpenVPN 3 clients ----------------- Clients based on the OpenVPN 3.x library (https://github.com/openvpn/openvpn3/) -do not have a configurable ``--ncp-ciphers`` or ``--data-cipher`` option. Instead +do not have a configurable ``--ncp-ciphers`` or ``--data-ciphers`` option. Instead these clients will announce support for all their supported AEAD ciphers (`AES-256-GCM`, `AES-128-GCM` and in newer versions also `Chacha20-Poly1305`). @@ -90,7 +90,7 @@ version. The default was never changed to ensure backwards compatibility. In OpenVPN 2.5 this behaviour has now been changed so that if the ``--cipher`` is not explicitly set it does not allow the weak ``BF-CBC`` cipher any more and needs to explicitly added as ``--cipher BFC-CBC`` or added to -``-data-ciphers``. +``--data-ciphers``. We strongly recommend to switching away from BF-CBC to a more secure cipher as soon as possible instead.