diff options
author | Arne Schwabe | 2021-04-01 14:37:51 +0200 |
---|---|---|
committer | Gert Doering | 2021-04-03 11:35:04 +0200 |
commit | 6ea62d5072b81ba07b1cd1c6d97b16a571b93d40 (patch) | |
tree | ef812152e32584649e62ac2e3f4520c4ce7352b3 /src/openvpn/ssl.c | |
parent | 60f5889ae6f73c710c6d96a2ee71a41654d3d091 (diff) | |
download | openvpn-6ea62d5072b81ba07b1cd1c6d97b16a571b93d40.zip openvpn-6ea62d5072b81ba07b1cd1c6d97b16a571b93d40.tar.gz |
Remove deprecated option '--keysize'
This option has been deprecated in OpenVPN 2.4 and the ciphers that allow
using this option fall all into the SWEET32 category of ciphers with
64 bit block size.
Patch V2: Remove superflous check in OpenSSL codepath to check keysize
Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Antonio Quartulli <antonio@openvpn.net>
Message-Id: <20210401123751.31756-1-arne@rfc2549.org>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg21943.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Diffstat (limited to 'src/openvpn/ssl.c')
-rw-r--r-- | src/openvpn/ssl.c | 7 |
1 files changed, 1 insertions, 6 deletions
diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c index 9b9ef68..0948c1e 100644 --- a/src/openvpn/ssl.c +++ b/src/openvpn/ssl.c @@ -1872,11 +1872,6 @@ tls_session_update_crypto_params(struct tls_session *session, { msg(D_HANDSHAKE, "Data Channel: using negotiated cipher '%s'", options->ciphername); - if (options->keysize) - { - msg(D_HANDSHAKE, "NCP: overriding user-set keysize with default"); - options->keysize = 0; - } } else { @@ -1887,7 +1882,7 @@ tls_session_update_crypto_params(struct tls_session *session, } init_key_type(&session->opt->key_type, options->ciphername, - options->authname, options->keysize, true, true); + options->authname, true, true); bool packet_id_long_form = cipher_kt_mode_ofb_cfb(session->opt->key_type.cipher); session->opt->crypto_flags &= ~(CO_PACKET_ID_LONG_FORM); |