[Openvpn-devel,v2] documentation: make section levels consistent

Message ID 20240325071520.12513-1-gert@greenie.muc.de
State Accepted
Headers show
Series [Openvpn-devel,v2] documentation: make section levels consistent | expand

Commit Message

Gert Doering March 25, 2024, 7:15 a.m. UTC
From: Frank Lichtenheld <frank@lichtenheld.com>

Previously the sections "Encryption Options" and
"Data channel cipher negotiation" were on the same
level as "OPTIONS", which makes no sense. Instead
move them and their subsections one level down.

Use ` since that was already in use in section
"Virtual Routing and Forwarding".

Change-Id: Ib5a7f9a978bda5ad58830e43580232660401f66d
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
Acked-by: Arne Schwabe <arne-openvpn@rfc2549.org>

This change was reviewed on Gerrit and approved by at least one
developer. I request to merge it to master.

Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/527
This mail reflects revision 2 of this Change.

Acked-by according to Gerrit (reflected above):
Arne Schwabe <arne-openvpn@rfc2549.org>


Gert Doering March 25, 2024, 3:25 p.m. UTC | #1
Your patch has been applied to the master and release/2.6 branch (doc).

commit 3fdf5aa04f7b96a3b7110f75306306ac5d7ed5fd (master)
commit 7993084c7f2b537e20a0a0d67385733d7d56688c (release/2.6)
Author: Frank Lichtenheld
Date:   Mon Mar 25 08:15:20 2024 +0100

     documentation: make section levels consistent

     Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
     Acked-by: Arne Schwabe <arne-openvpn@rfc2549.org>
     Message-Id: <20240325071520.12513-1-gert@greenie.muc.de>
     URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28453.html
     Signed-off-by: Gert Doering <gert@greenie.muc.de>

kind regards,

Gert Doering


diff --git a/doc/man-sections/cipher-negotiation.rst b/doc/man-sections/cipher-negotiation.rst
index 949ff86..1285e82 100644
--- a/doc/man-sections/cipher-negotiation.rst
+++ b/doc/man-sections/cipher-negotiation.rst
@@ -1,12 +1,12 @@ 
 Data channel cipher negotiation
 OpenVPN 2.4 and higher have the capability to negotiate the data cipher that
 is used to encrypt data packets. This section describes the mechanism in more detail and the
 different backwards compatibility mechanism with older server and clients.
 OpenVPN 2.5 and later behaviour
 When both client and server are at least running OpenVPN 2.5, that the order of
 the ciphers of the server's ``--data-ciphers`` is used to pick the data cipher.
 That means that the first cipher in that list that is also in the client's
@@ -25,7 +25,7 @@ 
 ``--cipher`` option to this list.
 OpenVPN 2.4 clients
 The negotiation support in OpenVPN 2.4 was the first iteration of the implementation
 and still had some quirks. Its main goal was "upgrade to AES-256-GCM when possible".
 An OpenVPN 2.4 client that is built against a crypto library that supports AES in GCM
@@ -40,7 +40,7 @@ 
 options to avoid this behaviour.
 OpenVPN 3 clients
 Clients based on the OpenVPN 3.x library (https://github.com/openvpn/openvpn3/)
 do not have a configurable ``--ncp-ciphers`` or ``--data-ciphers`` option. Newer
 versions by default disable legacy AES-CBC, BF-CBC, and DES-CBC ciphers.
@@ -52,7 +52,7 @@ 
 OpenVPN 2.3 and older clients (and clients with ``--ncp-disable``)
 When a client without cipher negotiation support connects to a server the
 cipher specified with the ``--cipher`` option in the client configuration
 must be included in the ``--data-ciphers`` option of the server to allow
@@ -65,7 +65,7 @@ 
 cipher used by the client is necessary.
 OpenVPN 2.4 server
 When a client indicates support for `AES-128-GCM` and `AES-256-GCM`
 (with ``IV_NCP=2``) an OpenVPN 2.4 server will send the first
 cipher of the ``--ncp-ciphers`` to the OpenVPN client regardless of what
@@ -76,7 +76,7 @@ 
 those ciphers are present.
 OpenVPN 2.3 and older servers (and servers with ``--ncp-disable``)
 The cipher used by the server must be included in ``--data-ciphers`` to
 allow the client connecting to a server without cipher negotiation
@@ -89,7 +89,7 @@ 
 cipher used by the server is necessary.
 Blowfish in CBC mode (BF-CBC) deprecation
 The ``--cipher`` option defaulted to `BF-CBC` in OpenVPN 2.4 and older
 version. The default was never changed to ensure backwards compatibility.
 In OpenVPN 2.5 this behaviour has now been changed so that if the ``--cipher``
diff --git a/doc/man-sections/encryption-options.rst b/doc/man-sections/encryption-options.rst
index 3b26782..49385d6 100644
--- a/doc/man-sections/encryption-options.rst
+++ b/doc/man-sections/encryption-options.rst
@@ -1,8 +1,8 @@ 
 Encryption Options
 SSL Library information
   (Standalone) Show all cipher algorithms to use with the ``--cipher``
@@ -32,7 +32,7 @@ 
   ``--ecdh-curve`` and ``tls-groups`` options.
 Generating key material
 --genkey args
   (Standalone) Generate a key to be used of the type keytype. if keyfile
diff --git a/doc/man-sections/pkcs11-options.rst b/doc/man-sections/pkcs11-options.rst
index de1662b..dfc27af 100644
--- a/doc/man-sections/pkcs11-options.rst
+++ b/doc/man-sections/pkcs11-options.rst
@@ -1,5 +1,5 @@ 
 PKCS#11 / SmartCard options
 --pkcs11-cert-private args
   Set if access to certificate object should be performed after login.
diff --git a/doc/man-sections/renegotiation.rst b/doc/man-sections/renegotiation.rst
index c548440..1e7c340 100644
--- a/doc/man-sections/renegotiation.rst
+++ b/doc/man-sections/renegotiation.rst
@@ -1,5 +1,5 @@ 
 Data Channel Renegotiation
 When running OpenVPN in client/server mode, the data channel will use a
 separate ephemeral encryption key which is rotated at regular intervals.
diff --git a/doc/man-sections/tls-options.rst b/doc/man-sections/tls-options.rst
index 460cecf..de74c0d 100644
--- a/doc/man-sections/tls-options.rst
+++ b/doc/man-sections/tls-options.rst
@@ -1,5 +1,5 @@ 
 TLS Mode Options
 TLS mode is the most powerful crypto mode of OpenVPN in both security
 and flexibility. TLS mode works by establishing control and data