Default server config contains enabled deprecated option cipher
#511
Assignees
Labels
documentation
documentation only, no code affected
patch-submitted
There is a patch on the list waiting for merge
Comments
|
This client setting also looks suspicious, I haven't tested this one: https://github.com/OpenVPN/openvpn/blob/master/sample/sample-config-files/client.conf#L116 |
|
Good catch. It will work but is not setting a suitable example for what people should be using. We'll deal with it :-) |
|
Work-in-progress patch here: https://gerrit.openvpn.net/c/openvpn/+/532 |
flichtenheld
added
documentation
cron2
pushed a commit
that referenced
this issue
Mar 25, 2024
- Remove compression settings. Not recommended anymore. - Remove old cipher setting. Replaced by data-ciphers negotiation. - Add comment how to set data-ciphers for very old clients. - Remove/reword some old comments. e.g. no need to reference OpenVPN 1.x anymore. - Mention peer-fingerprint alternative. - comment out "tls-auth" as that is not needed for a bare-bones VPN config and needs additional setup. Github: #511 Change-Id: I1a36651c0dea52259533ffc00bccb9b03bf82e26 Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com> Acked-by: Arne Schwabe <arne-openvpn@rfc2549.org> Message-Id: <20240325071320.11348-1-gert@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28451.html Signed-off-by: Gert Doering <gert@greenie.muc.de>
cron2
pushed a commit
that referenced
this issue
Mar 25, 2024
- Remove compression settings. Not recommended anymore. - Remove old cipher setting. Replaced by data-ciphers negotiation. - Add comment how to set data-ciphers for very old clients. - Remove/reword some old comments. e.g. no need to reference OpenVPN 1.x anymore. - Mention peer-fingerprint alternative. - comment out "tls-auth" as that is not needed for a bare-bones VPN config and needs additional setup. Github: #511 Change-Id: I1a36651c0dea52259533ffc00bccb9b03bf82e26 Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com> Acked-by: Arne Schwabe <arne-openvpn@rfc2549.org> Message-Id: <20240325071320.11348-1-gert@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28451.html Signed-off-by: Gert Doering <gert@greenie.muc.de> (cherry picked from commit b0fc10a)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the bug
The default server config contains
cipher AES-256-CBCuncommented: https://github.com/OpenVPN/openvpn/blob/master/sample/sample-config-files/server.conf#L252On start:
https://community.openvpn.net/openvpn/wiki/DeprecatedOptions#Policy:Migrateawayfromdeprecatedciphers.Status:Inprogress
This example needs to be updated or removed. Thanks.
The text was updated successfully, but these errors were encountered: