diff options
| author | Steffan Karger | 2016-12-07 20:20:47 +0100 |
|---|---|---|
| committer | Gert Doering | 2016-12-07 22:06:18 +0100 |
| commit | 4969f0d6bba8a82d411f0700c2e8e4efbeccb6c8 (patch) | |
| tree | aa0802e34d003e4692995bc719a0a8a1369d5f93 /Changes.rst | |
| parent | 84f88ca4d57cd0dc40fd945e09ab1cea1b2cd0b7 (diff) | |
| download | openvpn-4969f0d6bba8a82d411f0700c2e8e4efbeccb6c8.zip openvpn-4969f0d6bba8a82d411f0700c2e8e4efbeccb6c8.tar.gz | |
Deprecate --no-iv
This fixes the bug of supporting --no-iv (since we're only accepting
bugfixes in the current release phase ;) ).
The --no-iv function decreases security if used (CBC *requires*
unpredictable IVs, other modes don't allow --no-iv at all), and even
marginally decreases other user's security by adding unwanted
complexity to our code.
Let's get rid of this.
Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: Gert Doering <gert@greenie.muc.de>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: <1481138447-6292-1-git-send-email-steffan@karger.me>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13430.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Diffstat (limited to 'Changes.rst')
| -rw-r--r-- | Changes.rst | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/Changes.rst b/Changes.rst index 9258230..a21c094 100644 --- a/Changes.rst +++ b/Changes.rst @@ -177,6 +177,8 @@ Deprecated features X.509 subject formatting must be updated to the standardized formatting. See the man page for more information. +- ``--no-iv`` is deprecated in 2.4 and will be remove in 2.5. + User-visible Changes -------------------- - For certificate DNs with duplicate fields, e.g. "OU=one,OU=two", both fields |