[Openvpn-devel,0/7] change defaults and introduce compat-mode

Message ID 20210904095629.6273-1-a@unstable.cc
Headers show
  • change defaults and introduce compat-mode
Related show


Antonio Quartulli Sept. 4, 2021, 9:56 a.m.
This patchset is basically Arne's patch
"Modernise OpenVPN defaults and introduce '--compat-mode'"
divided in smaller patches in order to group relevant changes together,
make review easier and allow potential reverting/bisecting in the

* Patch 1 is a restyling;
* Patch 2 introduces the knob to let users specify the version to be
  compatible with;
* Patch 3, 4, 5 and 6 change defaults and introduce related compat-mode
* Patch 7 adds a generic warning to let user know that default have
  changed and something may not behave as expected, unless compat-mode is

This change is an important milestone that will allow us to move our
effort onto supporting ovpn-dco.


Antonio Quartulli (7):
  simplify condition detecting pure P2P mode
  compat-mode: allow user to specify version to be compatible with
  reject compression by default
  do not include --cipher value in data-ciphers
  compat-mode: add --data-cipher-fallback auomatically if requested
  set TLS 1.2 as minimum by default
  add message about changing default values

 Changes.rst                          |  23 ++++++
 doc/man-sections/generic-options.rst |  21 +++++
 src/openvpn/comp.h                   |   1 +
 src/openvpn/options.c                | 117 +++++++++++++++++++++++----
 src/openvpn/options.h                |   4 +
 src/openvpn/ssl_ncp.c                |  13 +++
 src/openvpn/ssl_ncp.h                |   8 ++
 7 files changed, 172 insertions(+), 15 deletions(-)