The --no-replay feature is considered to be a security weakness, which
was also highlighted during the OpenVPN 2.4 security audit [0]. This
option was added to the DeprecatedOptions[1] list and has been reported
as deprecated since OpenVPN 2.4.
Now we remove it.
URL: [0]
https://community.openvp
On 17.07.20 at 19:10, David Sommerseth wrote:
> The --no-replay feature is considered to be a security weakness, which
> was also highlighted during the OpenVPN 2.4 security audit [0]. This
> option was added to the DeprecatedOptions[1] list and has been reported
> as deprecated since OpenVPN 2.4.
On 26.07.20 at 02:01, Arne Schwabe wrote:
> On 17.07.20 at 19:10, David Sommerseth wrote:
>> The --no-replay feature is considered to be a security weakness, which
>> was also highlighted during the OpenVPN 2.4 security audit [0]. This
>> option was added to the DeprecatedOptions[1] list and has
Hi,
On 26/07/2020 15:31, Arne Schwabe wrote:
> On 26.07.20 at 02:01, Arne Schwabe wrote:
>> On 17.07.20 at 19:10, David Sommerseth wrote:
>>> The --no-replay feature is considered to be a security weakness, which
>>> was also highlighted during the OpenVPN 2.4 security audit [0]. This
>>> option
Hi,
On 07-04-2021 17:50, Antonio Quartulli wrote:
> On 26/07/2020 15:31, Arne Schwabe wrote:
>> On 26.07.20 at 02:01, Arne Schwabe wrote:
>>> On 17.07.20 at 19:10, David Sommerseth wrote:
The --no-replay feature is considered to be a security weakness, which
was also highlighted during
>
> Given 2, how clear is our timeline on sunsetting non-AEAD ciphers? That
> would automatically sunset --no-replay. (I've lost track a bit...)
Heated debate, as that is equal to dropping compatibility completely with
OpenVPN 2.3. We already have a heated debate if dropping 2.3 config
compatibility
On 16/05/2021 19:14, Arne Schwabe wrote:
First of all, I do like Steffan's proposal:
> Remove the option, and:
> * if auth != none -> replay prevention is always enabled;
> * if auth == none -> replay prevention is disabled.
And with "remove the option", if it exists in a config, it should be
On 17.05.21 at 01:58, David Sommerseth wrote:
> On 16/05/2021 19:14, Arne Schwabe wrote:
>
> First of all, I do like Steffan's proposal:
>
>> Remove the option, and:
>> * if auth != none -> replay prevention is always enabled;
>> * if auth == none -> replay prevention is disabled.
>
> And wit
Officially deprecated since v2.4.
We have warned about using this forever.
It is time to pull the plug.
Change-Id: I58706019add6d348483ba222dd74e1466ff6c709
Signed-off-by: Frank Lichtenheld
Acked-by: Heiko Hund
---
This change was reviewed on Gerrit and approved by at least one
developer. I req