From e33f44754a5f81ea013070dba3cdc162f41d1257 Mon Sep 17 00:00:00 2001 From: Magnus Kroken Date: Sat, 15 Aug 2020 14:05:22 +0200 Subject: [PATCH] doc: fix typos in cipher-negotiation.rst Signed-off-by: Magnus Kroken Acked-by: Gert Doering Message-Id: <20200815120522.1404-3-mkroken@gmail.com> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg20748.html Signed-off-by: Gert Doering --- doc/man-sections/cipher-negotiation.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/man-sections/cipher-negotiation.rst b/doc/man-sections/cipher-negotiation.rst index f14330523..a2feb5f9c 100644 --- a/doc/man-sections/cipher-negotiation.rst +++ b/doc/man-sections/cipher-negotiation.rst @@ -38,7 +38,7 @@ options to avoid this behaviour. OpenVPN 3 clients ----------------- Clients based on the OpenVPN 3.x library (https://github.com/openvpn/openvpn3/) -do not have a configurable ``--ncp-ciphers`` or ``--data-cipher`` option. Instead +do not have a configurable ``--ncp-ciphers`` or ``--data-ciphers`` option. Instead these clients will announce support for all their supported AEAD ciphers (`AES-256-GCM`, `AES-128-GCM` and in newer versions also `Chacha20-Poly1305`). @@ -90,7 +90,7 @@ version. The default was never changed to ensure backwards compatibility. In OpenVPN 2.5 this behaviour has now been changed so that if the ``--cipher`` is not explicitly set it does not allow the weak ``BF-CBC`` cipher any more and needs to explicitly added as ``--cipher BFC-CBC`` or added to -``-data-ciphers``. +``--data-ciphers``. We strongly recommend to switching away from BF-CBC to a more secure cipher as soon as possible instead. -- 2.47.2