diff options
| author | David Sommerseth | 2020-07-17 19:15:44 +0200 |
|---|---|---|
| committer | Gert Doering | 2020-07-18 10:58:33 +0200 |
| commit | 4b4b34da9811da9e6912c89cd68be3cfe1684a97 (patch) | |
| tree | 222f6ec6b659e30863c12a093d6e17c8965e1f65 | |
| parent | 19fab1f6cf71715f84d09d6a8b49698b0ae42cd1 (diff) | |
| download | openvpn-4b4b34da9811da9e6912c89cd68be3cfe1684a97.zip openvpn-4b4b34da9811da9e6912c89cd68be3cfe1684a97.tar.gz | |
Remove --no-iv
This finializes the depreacation started in OpenVPN 2.4, where --no-iv
was made into a NOOP option.
Signed-off-by: David Sommerseth <davids@openvpn.net>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20200717171544.21632-1-davids@openvpn.net>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg20460.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
| -rw-r--r-- | Changes.rst | 3 | ||||
| -rw-r--r-- | doc/man-sections/server-options.rst | 2 | ||||
| -rw-r--r-- | doc/man-sections/unsupported-options.rst | 2 | ||||
| -rw-r--r-- | src/openvpn/options.c | 5 |
4 files changed, 5 insertions, 7 deletions
diff --git a/Changes.rst b/Changes.rst index 18b03e4..e522869 100644 --- a/Changes.rst +++ b/Changes.rst @@ -34,6 +34,9 @@ https://community.openvpn.net/openvpn/wiki/DeprecatedOptions With the improved and matured data channel cipher negotiation, the use of ``ncp-disable`` should not be necessary anymore. +- ``no-iv`` has been removed + This option was made into a NOOP option with OpenVPN 2.4. This has now + been completely removed. Overview of changes in 2.4 ========================== diff --git a/doc/man-sections/server-options.rst b/doc/man-sections/server-options.rst index c24aec0..c8e9fc6 100644 --- a/doc/man-sections/server-options.rst +++ b/doc/man-sections/server-options.rst @@ -399,7 +399,7 @@ fast hardware. SSL/TLS authentication must be used in this mode. ``link-mtu``, ``tun-mtu``, ``proto``, ``ifconfig``, ``comp-lzo``, ``fragment``, ``keydir``, ``cipher``, ``auth``, ``keysize``, ``secret``, ``no-replay``, - ``no-iv``, ``tls-auth``, ``key-method``, ``tls-server`` + ``tls-auth``, ``key-method``, ``tls-server`` and ``tls-client``. This option requires that ``--disable-occ`` NOT be used. diff --git a/doc/man-sections/unsupported-options.rst b/doc/man-sections/unsupported-options.rst index 8aff5dd..05ba3ca 100644 --- a/doc/man-sections/unsupported-options.rst +++ b/doc/man-sections/unsupported-options.rst @@ -19,7 +19,7 @@ longer supported --no-iv Removed in OpenVPN 2.5. This option should not be used as it weakens the - VPN tunnel security. + VPN tunnel security. This has been a NOOP option since OpenVPN 2.4. --no-replay Removed in OpenVPN 2.5. This option should not be used as it weakens the diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 8e9d845..a81336f 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -8012,11 +8012,6 @@ add_option(struct options *options, VERIFY_PERMISSION(OPT_P_GENERAL); options->mute_replay_warnings = true; } - else if (streq(p[0], "no-iv") && !p[1]) - { - msg(msglevel, - "--no-iv is no longer supported. Remove it from client and server configs."); - } else if (streq(p[0], "replay-persist") && p[1] && !p[2]) { VERIFY_PERMISSION(OPT_P_GENERAL); |