@@ -149,8 +149,9 @@ show_available_ciphers(void)
#ifndef ENABLE_SMALL
printf("The following ciphers and cipher modes are available for use\n"
"with " PACKAGE_NAME ". Each cipher shown below may be used as a\n"
- "parameter to the --cipher option. Using a CBC or GCM mode is\n"
- "recommended. In static key mode only CBC mode is allowed.\n\n");
+ "parameter to the --data-ciphers (or --cipher) option. Using a\n"
+ "GCM or CBC mode is recommended. In static key mode only CBC\n"
+ "mode is allowed.\n\n");
#endif
while (*ciphers != 0)
@@ -287,11 +287,11 @@ show_available_ciphers(void)
size_t num_ciphers = 0;
#ifndef ENABLE_SMALL
printf("The following ciphers and cipher modes are available for use\n"
- "with " PACKAGE_NAME ". Each cipher shown below may be use as a\n"
- "parameter to the --cipher option. The default key size is\n"
- "shown as well as whether or not it can be changed with the\n"
- "--keysize directive. Using a CBC or GCM mode is recommended.\n"
- "In static key mode only CBC mode is allowed.\n\n");
+ "with " PACKAGE_NAME ". Each cipher shown below may be used as a\n"
+ "parameter to the --data-ciphers (or --cipher) option. The\n"
+ "default key size is shown as well as whether or not it can be\n"
+ "changed with the --keysize directive. Using a GCM or CBC mode\n"
+ "is recommended. In static key mode only CBC mode is allowed.\n\n");
#endif
for (nid = 0; nid < 10000; ++nid)
Also: * fix a typo in the openssl output ("may be use*d*") * mention GCM before CBC (we prefer AEAD modes) Signed-off-by: Steffan Karger <steffan.karger@foxcrypto.com> --- src/openvpn/crypto_mbedtls.c | 5 +++-- src/openvpn/crypto_openssl.c | 10 +++++----- 2 files changed, 8 insertions(+), 7 deletions(-)