author Bernhard Schmidt <berni@debian.org> 2020-09-01 16:53:32 +0200
committer Bernhard Schmidt <berni@debian.org> 2020-09-01 16:53:32 +0200
commit 886dccf631de661ea1b4c8017de98b88b93d7f1c (patch)
tree 2f74f9b3f93a35591ffdb305e3e2876cbb9a0c1d /Changes.rst
parent 9ce71e1c58a83737b045861173254911fda9a76a (diff)
parent 57f0b7b331088e489e93ae89ee0aed98381d8806 (diff)
Update upstream source from tag 'upstream/2.5_beta3'
Update to upstream version '2.5~beta3' with Debian dir 08bf4b8b33e73a97458e7fd53ec989aa541745cd
Diffstat (limited to 'Changes.rst')
-rw-r--r-- Changes.rst 10
1 files changed, 5 insertions, 5 deletions
diff --git a/Changes.rst b/Changes.rst
index 0aee360..f67e1d7 100644
--- a/Changes.rst
+++ b/Changes.rst
@@ -34,7 +34,7 @@ Improved Data channel cipher negotiation
Removal of BF-CBC support in default configuration:
By default OpenVPN 2.5 will only accept AES-256-GCM and AES-128-GCM as
data ciphers. OpenVPN 2.4 allows AES-256-GCM,AES-128-GCM and BF-CBC when
- no --cipher and --ncp-cipher options are present. Accepting BF-CBC can be
+ no --cipher and --ncp-ciphers options are present. Accepting BF-CBC can be
enabled by adding
data-ciphers AES-256-GCM:AES-128-GCM:BF-CBC
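Review bot: The option names on the changed line are still bare text (--cipher, --ncp-ciphers), while the other hunks in this file wrap options in double backticks (for example ``--tls-ciphersuites``). Since this line is being touched to correct the option name anyway, mark both up as literals so the reader can copy them exactly and the renderer cannot alter the leading dashes. The wording "no --cipher and --ncp-ciphers options are present" would also read less ambiguously as "neither ``--cipher`` nor ``--ncp-ciphers`` is present". It would help to say in one clause that the re-enabling example uses data-ciphers, since the sentence above names the 2.4 option and the example names a different directive without connecting the two.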
@@ -101,7 +101,7 @@ Linux VRF support
TLS 1.3 support
TLS 1.3 support has been added to OpenVPN. Currently, this requires
OpenSSL 1.1.1+.
- The options ``--tls-cipher-suites`` and ``--tls-groups`` have been
+ The options ``--tls-ciphersuites`` and ``--tls-groups`` have been
added to fine tune TLS protocol options. Most of the improvements
were also backported to OpenVPN 2.4 as part of the maintainance
releases.
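Review bot: The context line two below the change still has "maintainance", which should be "maintenance"; worth fixing in the same pass since this paragraph is being corrected for spelling of the option name. "fine tune" in the line after the change should be hyphenated as "fine-tune". The statement "Currently, this requires OpenSSL 1.1.1+" would also be clearer if it said whether the two new options are rejected or silently ignored when built against an older library, because that affects whether a configured restriction is actually in force.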
@@ -112,7 +112,7 @@ Support setting DHCP search domain
wintun support yet). Other platforms need to support this via ``--up``
script (Linux) or GUI (OSX/Tunnelblick).
-per-client changing of ``--data-cipher`` or ``data-ciphers-fallback``
+per-client changing of ``--data-ciphers`` or ``data-ciphers-fallback``
from client-connect script/dir (NOTE: this only changes preference of
ciphers for NCP, but can not override what the client announces as
"willing to accept")
@@ -213,9 +213,9 @@ User-visible Changes
the client configuration almost immediately as result of the
faster connection setup feature.
-- ``--compression`` is nowadays considered risky, because attacks exist
+- ``--compress`` is nowadays considered risky, because attacks exist
leveraging compression-inside-crypto to reveal plaintext (VORACLE). So
- by default, ``--compression xxx`` will now accept incoming compressed
+ by default, ``--compress xxx`` will now accept incoming compressed
packets (for compatibility with peers that have not been upgraded yet),
but will not use compression outgoing packets. This can be controlled with
the new option ``--allow-compression yes|no|asym``.
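Review bot: The context line "but will not use compression outgoing packets" is missing a preposition and should read "will not use compression on outgoing packets"; fix it while correcting the option name in this paragraph. The text describes the new default behaviour and then lists ``--allow-compression yes|no|asym`` without saying which of the three values corresponds to that default, so a reader hardening a config cannot tell from this entry what to set to refuse compressed packets entirely. Suggest naming the default value explicitly and adding one short phrase per value. The placeholder "xxx" in ``--compress xxx`` would be clearer as "``--compress <algorithm>``".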