mirror of
https://github.com/OpenVPN/openvpn.git
synced 2026-04-24 07:37:54 -04:00
c94b3ff0f5
As discussed with the development team, we should start moving away from
ciphers with a small block size. For OpenVPN in particular this means
moving away from 64-bit block ciphers, towards 128-bit block ciphers.
This patch makes a start with that by moving ciphers with a block
size < 128 bits to the bottom of the --show-ciphers output, and printing
a warning in the connection phase if such a cipher is used.
While touching this function, improve the output of --show-ciphers by
ordering the output alphabetically, and changing the output format
slightly.
[DS: Fixed C89 issues in patch, moving 'int nid' and 'size_t i' declaration
to begining of function instead of in the for-loops. This is also
required to not break building on stricter compiler setups where C99
must be enabled explicitly ]
Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: <1471358742-8773-1-git-send-email-steffan@karger.me>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg00029.html
CVE: 2016-6329
Signed-off-by: David Sommerseth <davids@openvpn.net>
|
||
|---|---|---|
| .. | ||
| unit_tests | ||
| Makefile.am | ||
| t_client.rc-sample | ||
| t_client.sh.in | ||
| t_cltsrv-down.sh | ||
| t_cltsrv.sh | ||
| t_lpback.sh | ||