diff options
Diffstat (limited to 'src/openvpn/crypto.c')
-rw-r--r-- | src/openvpn/crypto.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c index 552e333..ca4af27 100644 --- a/src/openvpn/crypto.c +++ b/src/openvpn/crypto.c @@ -496,8 +496,9 @@ init_key_ctx (struct key_ctx *ctx, struct key *key, cipher_kt_iv_size(kt->cipher)); if (cipher_kt_block_size(kt->cipher) < 128/8) { - msg (M_WARN, "WARNING: this cipher's block size is less than 128 bit " - "(%d bit). Consider using a --cipher with a larger block size.", + msg (M_WARN, "WARNING: INSECURE cipher with block size less than 128" + " bit (%d bit). This allows attacks like SWEET32. Mitigate by " + "using a --cipher with a larger block size (e.g. AES-256-CBC).", cipher_kt_block_size(kt->cipher)*8); } } |