>> +++ b/src/openvpn/options.c >> @@ -536,7 +536,7 @@ static const char usage_message[] = >> "--cipher alg : Encrypt packets with cipher algorithm alg\n" >> " (default=%s).\n" >> " Set alg=none to disable encryption.\n" >> - "--ncp-ciphers list : List of ciphers that are allowed to be >> negotiated.\n" >> + "--data-ciphers list : List of ciphers that are allowed to be >> negotiated.\n" >> "--ncp-disable : (DEPRECATED) Disable cipher negotiation.\n" >> "--prng alg [nsl] : For PRNG, use digest algorithm alg, and\n" >> " nonce_secret_len=nsl. Set alg=none to disable >> PRNG.\n" >> @@ -7866,7 +7866,8 @@ add_option(struct options *options, >> VERIFY_PERMISSION(OPT_P_NCP|OPT_P_INSTANCE); >> options->ciphername = p[1]; >> } >> - else if (streq(p[0], "ncp-ciphers") && p[1] && !p[2]) >> + else if ((streq(p[0], "data-ciphers") || streq(p[0], "ncp-ciphers")) >> + && p[1] && !p[2]) > > I do agree to using --data-ciphers instead of --ncp-ciphers, that is far more > user-friendly naming of this feature. NCP is a more technical > "under-the-hood" terminology which users don't really need to relate to, where > --data-ciphers better explains what it is used for. > > But I do reject NOT adding a deprecation path for --ncp-ciphers. We should > support --ncp-ciphers for 1-2 major releases, but after that it should be > removed. We have too many options and we certainly should avoid duplicating > options with the exact same functionality.
This was a deliberate decision. We really want to people to move towards ncp and putting another hurdle with having an option that works better on but gives a warning and a option that does not work on 2.4 does not help here. If we decide that really aliases are a no-go in OpenVPN then I would rather drop data-ciphers and stay with ncp-ciphers forever for this reason. Arne
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
