@@ -10,6 +10,10 @@
``--allow-deprecated-insecure-static-crypto`` but will be removed in
OpenVPN 2.8.
+```tls-exit``` has been deprecated since it is unclear what the use case
+ for this option is. If you have a valid use case, please reach out since
+ the will otherwise be removed in the future.
+
Overview of changes in 2.6
==========================
@@ -553,7 +553,7 @@
code.
--tls-exit
- Exit on TLS negotiation failure.
+ **DEPRECATED** Exit on TLS negotiation failure.
--tls-export-cert directory
Store the certificates the clients use upon connection to this
@@ -608,7 +608,7 @@
"--tran-window n : Transition window -- old key can live this many seconds\n"
" after new key renegotiation begins (default=%d).\n"
"--single-session: Allow only one session (reset state on restart).\n"
- "--tls-exit : Exit on TLS negotiation failure.\n"
+ "--tls-exit : (DEPRECATED) Exit on TLS negotiation failure.\n"
"--tls-auth f [d]: Add an additional layer of authentication on top of the TLS\n"
" control channel to protect against attacks on the TLS stack\n"
" and DoS attacks.\n"
@@ -8960,6 +8960,7 @@
}
else if (streq(p[0], "tls-exit") && !p[1])
{
+ msg(M_WARN, "DEPRECATED OPTION: The option --tls-exit is deprecated.");
VERIFY_PERMISSION(OPT_P_GENERAL);
options->tls_exit = true;
}
Attention is currently required from: flichtenheld. Hello flichtenheld, I'd like you to do a code review. Please visit http://gerrit.openvpn.net/c/openvpn/+/447?usp=email to review the following change. Change subject: Deprecate tls-exit option ...................................................................... Deprecate tls-exit option This option is questionable and I cannot see any reason to actually use it. Change-Id: I93afff2372c4150d6bddc8c07fd4ebc8bfb0cc3e --- M Changes.rst M doc/man-sections/tls-options.rst M src/openvpn/options.c 3 files changed, 7 insertions(+), 2 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/47/447/1