Message ID | 20211213150950.3993881-1-arne@rfc2549.org |
---|---|
State | Accepted |
Headers | show |
Series | [Openvpn-devel] Move deprecation of SWEET32/64bit block size ciphers to 2.7 | expand |
Acked-by: Gert Doering <gert@greenie.muc.de> As agreed on IRC. 2.6 will already make BF-CBC inconvenient to use (so, hopefully, more people will migrate off it), but let's not make it too annoying. Your patch has been applied to the master branch. commit 7f2d7dbf986fd7233eabb250b35bf7c3112d3e37 Author: Arne Schwabe Date: Mon Dec 13 16:09:50 2021 +0100 Move deprecation of SWEET32/64bit block size ciphers to 2.7 Acked-by: Gert Doering <gert@greenie.muc.de> Message-Id: <20211213150950.3993881-1-arne@rfc2549.org> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg23402.html Signed-off-by: Gert Doering <gert@greenie.muc.de> -- kind regards, Gert Doering
Hi, On Mon, Dec 13, 2021 at 06:45:55PM +0100, Gert Doering wrote: > Acked-by: Gert Doering <gert@greenie.muc.de> > > As agreed on IRC. 2.6 will already make BF-CBC inconvenient to use > (so, hopefully, more people will migrate off it), but let's not make > it too annoying. > > Your patch has been applied to the master branch. ... and release/2.5 > commit 7f2d7dbf986fd7233eabb250b35bf7c3112d3e37 commit 4e5e687fb63bb8cb72862c33775e88dec844c136 (HEAD -> release/2.5) > Author: Arne Schwabe > Date: Mon Dec 13 16:09:50 2021 +0100 > > Move deprecation of SWEET32/64bit block size ciphers to 2.7 > > Acked-by: Gert Doering <gert@greenie.muc.de> > Message-Id: <20211213150950.3993881-1-arne@rfc2549.org> > URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg23402.html > Signed-off-by: Gert Doering <gert@greenie.muc.de> > > > -- > kind regards, > > Gert Doering > > > > _______________________________________________ > Openvpn-devel mailing list > Openvpn-devel@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/openvpn-devel >
diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c index 36f880433..c4cf72a55 100644 --- a/src/openvpn/crypto.c +++ b/src/openvpn/crypto.c @@ -721,7 +721,7 @@ warn_insecure_key_type(const char *ciphername) " bit (%d bit). This allows attacks like SWEET32. Mitigate by " "using a --cipher with a larger block size (e.g. AES-256-CBC). " "Support for these insecure ciphers will be removed in " - "OpenVPN 2.6.", + "OpenVPN 2.7.", ciphername, cipher_kt_block_size(ciphername)*8); } }