Hi,

On 26-12-2019 09:15, Yevgeny Kosarzhevsky wrote:
> On Tue, 24 Dec 2019 at 17:39, Steffan Karger <stef...@karger.me> wrote:
>> --no-iv is a bad option. It was removed from the master branch in January
>> 2017, and will not return.
> 
> Yes, I know. It's totally good when you wish to reduce total packet size, though.
> 

No, it's not. It introduces a hard-to-assess and often unacceptable
security risk. We strongly advise against using this option. This is why
the option will be gone in 2.5.

If you want small packet overhead, use the AES-GCM modes instead. Most
of the AES-GCM IV is implicit, leaving just 4 bytes per packet.

That said, of course you're free to aim a gun at your foot if you really
want to. Until 2.5, that is ;-)

-Steffan


_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
