OpenVPN Change Log
Copyright (C) 2002-2015 OpenVPN Technologies, Inc. <sales@openvpn.net>
+2016.11.02 -- Version 2.3.13
+Arne Schwabe (2):
+ Use AES ciphers in our sample configuration files and add a few modern 2.4 examples
+ Incorporate the Debian typo fixes where appropriate and make show_opt default message clearer
+
+David Sommerseth (4):
+ t_client.sh: Make OpenVPN write PID file to avoid various sudo issues
+ t_client.sh: Add support for Kerberos/ksu
+ t_client.sh: Improve detection if the OpenVPN process did start during tests
+ t_client.sh: Add prepare/cleanup possibilties for each test case
+
+Gert Doering (5):
+ Do not abort t_client run if OpenVPN instance does not start.
+ Fix t_client runs on OpenSolaris
+ make t_client robust against sudoers misconfiguration
+ add POSTINIT_CMD_suf to t_client.sh and sample config
+ Fix --multihome for IPv6 on 64bit BSD systems.
+
+Ilya Shipitsin (1):
+ skip t_lpback.sh and t_cltsrv.sh if openvpn configured --disable-crypto
+
+Lev Stipakov (2):
+ Exclude peer-id from pulled options digest
+ Fix compilation in pedantic mode
+
+Samuli Seppänen (1):
+ Automatically cache expected IPs for t_client.sh on the first run
+
+Steffan Karger (6):
+ Fix unittests for out-of-source builds
+ Make gnu89 support explicit
+ cleanup: remove code duplication in msg_test()
+ Update cipher-related man page text
+ Limit --reneg-bytes to 64MB when using small block ciphers
+ Add a revoked cert to the sample keys
+
+
2016.08.23 -- Version 2.3.12
Arne Schwabe (2):
Complete push-peer-info documentation and allow IV_PLAT_VER for other platforms than Windows if the client UI supplies it.
Behavioral changes
------------------
+- OpenVPN will complain loudly about ciphers with 128-bits block sizes or less
+
+- OpenVPN will by default re-negotiate the tunnel after 64MB when used with
+ ciphers using cipher blocks of 128-bits or less
+
- Remove --enable-password-save option to configure, this is now always enabled
- Disallow usage of --server-poll-timeout in --secret key mode
- Do not randomize resolving of IP addresses in getaddr()
+Version 2.3.13
+==============
+
+- Enforcing a new default value for --reneg-bytes for known weaker ciphers
+
+ Ciphers with cipher blocks less than 128 bits will now do a renegotiation
+ of the tunnel by default for every 64MB of data. This behaviour can be
+ overridden by explictly setting --reneg-bytes 0 in the configuration file,
+ however this is HIGHLY discouraged.
+
+ This is to reduce the risk for SWEET32 attacks. The general recommendation
+ is to change the cipher to a stronger cipher. For more information see:
+ https://community.openvpn.net/openvpn/wiki/SWEET32
+
+ OpenVPN will also complain a little bit more in the logs
+ when such weaker ciphers is detected.
+
+
Version 2.3.12
==============
dnl define the OpenVPN version
define([PRODUCT_NAME], [OpenVPN])
define([PRODUCT_TARNAME], [openvpn])
-define([PRODUCT_VERSION], [2.3.12])
+define([PRODUCT_VERSION], [2.3.13])
define([PRODUCT_BUGREPORT], [openvpn-users@lists.sourceforge.net])
-define([PRODUCT_VERSION_RESOURCE], [2,3,12,0])
+define([PRODUCT_VERSION_RESOURCE], [2,3,13,0])
dnl define the TAP version
define([PRODUCT_TAP_WIN_COMPONENT_ID], [tap0901])
define([PRODUCT_TAP_WIN_MIN_MAJOR], [9])
projects / thirdparty / openvpn.git / commitdiff
