Signed-off-by: Magnus Kroken <mkroken@gmail.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20200815120522.1404-2-mkroken@gmail.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg20749.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit bf911882532f87ae866fc3662bf7e1e136a2195e)
| ... | ... |
@@ -34,7 +34,7 @@ Improved Data channel cipher negotiation |
| 34 | 34 |
Removal of BF-CBC support in default configuration: |
| 35 | 35 |
By default OpenVPN 2.5 will only accept AES-256-GCM and AES-128-GCM as |
| 36 | 36 |
data ciphers. OpenVPN 2.4 allows AES-256-GCM,AES-128-GCM and BF-CBC when |
| 37 |
- no --cipher and --ncp-cipher options are present. Accepting BF-CBC can be |
|
| 37 |
+ no --cipher and --ncp-ciphers options are present. Accepting BF-CBC can be |
|
| 38 | 38 |
enabled by adding |
| 39 | 39 |
|
| 40 | 40 |
data-ciphers AES-256-GCM:AES-128-GCM:BF-CBC |
| ... | ... |
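Review bot: On the changed line 37, "no --cipher and --ncp-ciphers options are present" would read more clearly as "neither --cipher nor --ncp-ciphers is present". The option names in this paragraph are also plain text, while the other sections touched by this patch mark options as ``--option`` literals; using the same markup here would keep the file consistent. Since the example on line 40 uses data-ciphers while the sentence names --ncp-ciphers, a short remark on how the two options relate would help readers coming from 2.4.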
@@ -101,7 +101,7 @@ Linux VRF support |
| 101 | 101 |
TLS 1.3 support |
| 102 | 102 |
TLS 1.3 support has been added to OpenVPN. Currently, this requires |
| 103 | 103 |
OpenSSL 1.1.1+. |
| 104 |
- The options ``--tls-cipher-suites`` and ``--tls-groups`` have been |
|
| 104 |
+ The options ``--tls-ciphersuites`` and ``--tls-groups`` have been |
|
| 105 | 105 |
added to fine tune TLS protocol options. Most of the improvements |
| 106 | 106 |
were also backported to OpenVPN 2.4 as part of the maintainance |
| 107 | 107 |
releases. |
| ... | ... |
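Review bot: The unchanged context line 106 still reads "maintainance". Since this patch is already correcting spelling in the same paragraph, please fix it to "maintenance" in the same change.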
@@ -112,7 +112,7 @@ Support setting DHCP search domain |
| 112 | 112 |
wintun support yet). Other platforms need to support this via ``--up`` |
| 113 | 113 |
script (Linux) or GUI (OSX/Tunnelblick). |
| 114 | 114 |
|
| 115 |
-per-client changing of ``--data-cipher`` or ``data-ciphers-fallback`` |
|
| 115 |
+per-client changing of ``--data-ciphers`` or ``data-ciphers-fallback`` |
|
| 116 | 116 |
from client-connect script/dir (NOTE: this only changes preference of |
| 117 | 117 |
ciphers for NCP, but can not override what the client announces as |
| 118 | 118 |
"willing to accept") |
| ... | ... |
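Review bot: On the changed line 115, ``--data-ciphers`` carries the leading dashes but ``data-ciphers-fallback`` right next to it does not. Please write both the same way, for example ``--data-ciphers-fallback``, so a reader does not take the difference as meaningful.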
@@ -213,9 +213,9 @@ User-visible Changes |
| 213 | 213 |
the client configuration almost immediately as result of the |
| 214 | 214 |
faster connection setup feature. |
| 215 | 215 |
|
| 216 |
-- ``--compression`` is nowadays considered risky, because attacks exist |
|
| 216 |
+- ``--compress`` is nowadays considered risky, because attacks exist |
|
| 217 | 217 |
leveraging compression-inside-crypto to reveal plaintext (VORACLE). So |
| 218 |
- by default, ``--compression xxx`` will now accept incoming compressed |
|
| 218 |
+ by default, ``--compress xxx`` will now accept incoming compressed |
|
| 219 | 219 |
packets (for compatibility with peers that have not been upgraded yet), |
| 220 | 220 |
but will not use compression outgoing packets. This can be controlled with |
| 221 | 221 |
the new option ``--allow-compression yes|no|asym``. |
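Review bot: Line 220, "will not use compression outgoing packets", is missing a preposition ("will not use compression for outgoing packets") and could be fixed along with the option name. The paragraph also describes the default behaviour without saying which of the three values in ``--allow-compression yes|no|asym`` on line 221 it corresponds to; naming the default value there would let readers map the description to the setting they need to check.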