Changes between Version 84 and Version 85 of DeprecatedOptions
- Timestamp:
- 03/27/24 13:08:24 (11 months ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
DeprecatedOptions
v84 v85 101 101 102 102 103 == Policy: Removal of insecure ciphers || **Status: Pending removal** ==103 == Policy: Removal of insecure ciphers || **Status: To be decided** == 104 104 Ciphers with cipher block-size less than 128 bits; Most commonly `BF`, `DES`, `CAST5`, `IDEA` and `RC2`. 105 105 ||=Status =||Pending removal || 106 106 ||=Deprecated in: =||OpenVPN v2.4 || 107 ||=To be removed in: =|| '''OpenVPN v2.7'''||107 ||=To be removed in: =|| TBD || 108 108 ||=Affects: =||Client and server || 109 109 ||=Result if used: =||OpenVPN will not start due to incorrect cipher being used|| … … 111 111 ||=Examples: =||(N/A) || 112 112 After the discovery of the [https://sweet32.info SWEET32 Birthday attacks on 64-bit block ciphers] any cipher using a cipher block length smaller than 128 bits is considered insecure and prone to be successfully attacked. The cipher block length is '''''not''''' an indication of the cipher ''key'' length. 113 114 For now we will not officially remove them and focus on educating users. Maybe at some point the SSL libraries will start dropping them. 113 115 114 116 == Policy: Migrate away from deprecated ciphers. **Status: In progress** ==