GitList

Browse code

Make --cipher/--auth none more explicit on the risks

The warning provided to --cipher and --auth using the 'none' setting may
not have been too clearly understandable to non-developers or people not
fully understanding encryption and cryptography. This tries to improve
that.

While at it, also break up the long source lines.

Signed-off-by: David Sommerseth <davids@openvpn.net>
Acked-by: Steffan Karger <steffan.karger@fox-it.com>
Message-Id: <20170410222828.23612-1-davids@openvpn.net>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg14436.html
Signed-off-by: David Sommerseth <davids@openvpn.net>

David Sommerseth authored on 2017/04/11 07:28:28
Showing 2 changed files

src/openvpn/crypto.c

History View file @ 7a1b6a0

@@ -784,7 +784,10 @@ init_key_type(struct key_type *kt, const char *ciphername,
     {
         if (warn)
         {
-            msg(M_WARN, "******* WARNING *******: null cipher specified, no encryption will be used");
+            msg(M_WARN, "******* WARNING *******: '--cipher none' was specified. "
+                "This means NO encryption will be performed and tunnelled "
+                "data WILL be transmitted in clear text over the network! "
+                "PLEASE DO RECONSIDER THIS SETTING!");
         }
     }
     if (strcmp(authname, "none") != 0)
@@ -804,7 +807,11 @@ init_key_type(struct key_type *kt, const char *ciphername,
     {
         if (warn)
         {
-            msg(M_WARN, "******* WARNING *******: null MAC specified, no authentication will be used");
+            msg(M_WARN, "******* WARNING *******: '--auth none' was specified. "
+                "This means no authentication will be performed on received "
+                "packets, meaning you CANNOT trust that the data received by "
+                "the remote side have NOT been manipulated. "
+                "PLEASE DO RECONSIDER THIS SETTING!");
         }
     }
 }

src/openvpn/init.c

History View file @ 7a1b6a0

@@ -2745,7 +2745,10 @@ do_init_crypto_none(const struct context *c)
+                     {
                          ASSERT(!c->options.test_crypto);
                          msg(M_WARN,
                     -        "******* WARNING *******: all encryption and authentication features disabled -- all data will be tunnelled as cleartext");
                     +        "******* WARNING *******: All encryption and authentication features "
                     +        "disabled -- All data will be tunnelled as clear text and will not be "
                     +        "protected against man-in-the-middle changes. "
                     +        "PLEASE DO RECONSIDER THIS CONFIGURATION!");
+                     }
                      #endif /* ifdef ENABLE_CRYPTO */

...	...	@@ -784,7 +784,10 @@ init_key_type(struct key_type kt, const char ciphername,
784	784	{
785	785	if (warn)
786	786	{
787		- msg(M_WARN, "***** WARNING *****: null cipher specified, no encryption will be used");
	787	+ msg(M_WARN, "***** WARNING *****: '--cipher none' was specified. "
	788	+ "This means NO encryption will be performed and tunnelled "
	789	+ "data WILL be transmitted in clear text over the network! "
	790	+ "PLEASE DO RECONSIDER THIS SETTING!");
788	791	}
789	792	}
790	793	if (strcmp(authname, "none") != 0)
...	...	@@ -804,7 +807,11 @@ init_key_type(struct key_type kt, const char ciphername,
804	804	{
805	805	if (warn)
806	806	{
807		- msg(M_WARN, "***** WARNING *****: null MAC specified, no authentication will be used");
	807	+ msg(M_WARN, "***** WARNING *****: '--auth none' was specified. "
	808	+ "This means no authentication will be performed on received "
	809	+ "packets, meaning you CANNOT trust that the data received by "
	810	+ "the remote side have NOT been manipulated. "
	811	+ "PLEASE DO RECONSIDER THIS SETTING!");
808	812	}
809	813	}
810	814	}