From: Frank Lichtenheld <frank@lichtenheld.com>
Date: Tue, 10 Feb 2026 15:20:30 +0000 (+0100)
Subject: crypto: Do not claim we will remove support for BF-CBC in 2.7
X-Git-Tag: v2.7.0~3
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f6004dc45e686fd2f0d9b5f9ffd342dfa85543f9;p=thirdparty%2Fopenvpn.git

crypto: Do not claim we will remove support for BF-CBC in 2.7

Change-Id: Ie35099b114c510e55292090c34b9d950b1f03947
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1511
Message-Id: <20260210152035.1273-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg35565.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
---

diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c
index e3d1fa588..9a4269cd2 100644
--- a/src/openvpn/crypto.c
+++ b/src/openvpn/crypto.c
@@ -863,7 +863,7 @@ warn_insecure_key_type(const char *ciphername)
             " bit (%d bit).  This allows attacks like SWEET32.  Mitigate by "
             "using a --cipher with a larger block size (e.g. AES-256-CBC). "
             "Support for these insecure ciphers will be removed in "
-            "OpenVPN 2.7.",
+            "OpenVPN 2.8.",
             ciphername, cipher_kt_block_size(ciphername) * 8);
     }
 }