Signed-off-by: Magnus Kroken <mkroken@gmail.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20200815120522.1404-3-mkroken@gmail.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg20748.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit e33f44754a5f81ea013070dba3cdc162f41d1257)
... | ... |
@@ -38,7 +38,7 @@ options to avoid this behaviour. |
38 | 38 |
OpenVPN 3 clients |
39 | 39 |
----------------- |
40 | 40 |
Clients based on the OpenVPN 3.x library (https://github.com/openvpn/openvpn3/) |
41 |
-do not have a configurable ``--ncp-ciphers`` or ``--data-cipher`` option. Instead |
|
41 |
+do not have a configurable ``--ncp-ciphers`` or ``--data-ciphers`` option. Instead |
|
42 | 42 |
these clients will announce support for all their supported AEAD ciphers |
43 | 43 |
(`AES-256-GCM`, `AES-128-GCM` and in newer versions also `Chacha20-Poly1305`). |
44 | 44 |
|
... | ... |
@@ -90,7 +90,7 @@ version. The default was never changed to ensure backwards compatibility. |
90 | 90 |
In OpenVPN 2.5 this behaviour has now been changed so that if the ``--cipher`` |
91 | 91 |
is not explicitly set it does not allow the weak ``BF-CBC`` cipher any more |
92 | 92 |
and needs to explicitly added as ``--cipher BFC-CBC`` or added to |
93 |
-``-data-ciphers``. |
|
93 |
+``--data-ciphers``. |
|
94 | 94 |
|
95 | 95 |
We strongly recommend to switching away from BF-CBC to a |
96 | 96 |
more secure cipher as soon as possible instead. |