From 4969f0d6bba8a82d411f0700c2e8e4efbeccb6c8 Mon Sep 17 00:00:00 2001
From: Steffan Karger
Date: Wed, 7 Dec 2016 20:20:47 +0100
Subject: Deprecate --no-iv

This fixes the bug of supporting --no-iv (since we're only accepting
bugfixes in the current release phase ;) ).

The --no-iv function decreases security if used (CBC *requires*
unpredictable IVs, other modes don't allow --no-iv at all), and even
marginally decreases other user's security by adding unwanted
complexity to our code.

Let's get rid of this.

Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: Gert Doering <gert@greenie.muc.de>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: <1481138447-6292-1-git-send-email-steffan@karger.me>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13430.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
---
 Changes.rst | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'Changes.rst')

diff --git a/Changes.rst b/Changes.rst
index 9258230..a21c094 100644
--- a/Changes.rst
+++ b/Changes.rst
@@ -177,6 +177,8 @@ Deprecated features
   X.509 subject formatting must be updated to the standardized formatting.  See
   the man page for more information.
 
+- ``--no-iv`` is deprecated in 2.4 and will be remove in 2.5.
+
 User-visible Changes
 --------------------
 - For certificate DNs with duplicate fields, e.g. "OU=one,OU=two", both fields
-- 
cgit v1.1