On 15/08/17 16:26, Илья Шипицин wrote: > 2017-08-14 15:36 GMT+05:00 David Sommerseth < > open...@sf.lists.topphemmelig.net>: > >> On 01/07/17 13:29, Steffan Karger wrote: >> >> So I propose: >> >> - We add the warning about removing --keysize for both v2.4 and v2.5. >> >> - Add a warning in v2.4 and v2.5 that ciphers with block sizes < 128 >> bits will be *removed* in v2.6 >> >> - When removing those ciphers in v2.6, we can remove --keysize together >> with the ciphers, as it will no longer be valid. But --keysize needs >> to be a NOP for some time (with a warning it has no effect), to avoid >> OpenVPN stopping to run on upgrades. >> >> - Ensure these changes are synchronised within OpenVPN 3 as well >> >> - Start a new wiki page: "How-To: Migrate to secure and modern >> OpenVPN configurations" where we list all deprecated features/options >> and their replacement (including examples). We also need to have a >> description on the reasoning for deprecating and removing these >> options. >> > > there are special cases like Mikrotik openvpn (pretty popular), where > user simply use what hardware vendor installed (without possibility to > recompile). > > should we contact such hardware vendors as well ?
there might be an non-predictable number of vendors shipping their own openvpn version. We can't contact them all. It's their responsibility to stay behind the changes in what they ship. If they don't, their users will complain aloud with them ;) On top of that, this does not prevent users from using their own config, right? So they can still configure the client to avoid deprecated options. Cheers, -- Antonio Quartulli
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
