From patchwork Sat Aug 15 02:05:22 2020
X-Patchwork-Submitter: Magnus Kroken
X-Patchwork-Id: 1392
From: Magnus Kroken
To: openvpn-devel@lists.sourceforge.net
Date: Sat, 15 Aug 2020 14:05:22 +0200
Message-Id: <20200815120522.1404-3-mkroken@gmail.com>
In-Reply-To: <20200815120522.1404-1-mkroken@gmail.com>
References: <20200815120522.1404-1-mkroken@gmail.com>
Subject: [Openvpn-devel] [PATCH 2/2] doc: fix typos in cipher-negotiation.rst

Signed-off-by: Magnus Kroken
--- doc/man-sections/cipher-negotiation.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/man-sections/cipher-negotiation.rst b/doc/man-sections/cipher-negotiation.rst index f1433052..a2feb5f9 100644 --- a/doc/man-sections/cipher-negotiation.rst +++ b/doc/man-sections/cipher-negotiation.rst 
@@ -38,7 +38,7 @@ options to avoid this behaviour. OpenVPN 3 clients ----------------- Clients based on the OpenVPN 3.x library (https://github.com/openvpn/openvpn3/) -do not have a configurable ``--ncp-ciphers`` or ``--data-cipher`` option. Instead +do not have a configurable ``--ncp-ciphers`` or ``--data-ciphers`` option. Instead these clients will announce support for all their supported AEAD ciphers (`AES-256-GCM`, `AES-128-GCM` and in newer versions also `Chacha20-Poly1305`). @@ -90,7 +90,7 @@ version. The default was never changed to ensure backwards compatibility. In OpenVPN 2.5 this behaviour has now been changed so that if the ``--cipher`` is not explicitly set it does not allow the weak ``BF-CBC`` cipher any more and needs to explicitly added as ``--cipher BFC-CBC`` or added to -``-data-ciphers``. +``--data-ciphers``. We strongly recommend to switching away from BF-CBC to a more secure cipher as soon as possible instead.
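Review bot: In the first hunk (@@ -38,7), the trailing context lines mark the cipher names with single backticks (`AES-256-GCM`, `AES-128-GCM`, `Chacha20-Poly1305`), while the option names on the corrected line use double backticks (``--ncp-ciphers``, ``--data-ciphers``). In reStructuredText, single backticks are interpreted text rather than an inline literal, so the cipher names will not render the same way as the options. Since this patch is already cleaning up the paragraph, consider switching the three cipher names to double backticks so that values a reader may copy into a config are consistently shown as literals.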
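Review bot: The second hunk (@@ -90,7) fixes ``-data-ciphers`` but leaves ``--cipher BFC-CBC`` untouched on the unchanged line directly above it. The same paragraph names the cipher as ``BF-CBC`` twice, so ``BFC-CBC`` looks like another typo. It is the one most likely to be copied verbatim by someone re-enabling the legacy cipher. Suggest changing it to ``--cipher BF-CBC`` in this patch. While touching these lines, the grammar in "needs to explicitly added" (should read "needs to be explicitly added") and "recommend to switching away" (should read "recommend switching away") could be fixed as well, which fits the stated scope of the commit.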