Changes between Version 84 and Version 85 of DeprecatedOptions

Timestamp:

03/27/24 13:08:24 (5 weeks ago)

Author:

flichtenheld

Comment:

Change "Removal of insecure ciphers" as discussed in Community meeting 2024-03-27

DeprecatedOptions

@@ -101 +101 @@
 
 
-== Policy: Removal of insecure ciphers || **Status: Pending removal** ==
+== Policy: Removal of insecure ciphers || **Status: To be decided** ==
 Ciphers with cipher block-size less than 128 bits; Most commonly `BF`, `DES`, `CAST5`, `IDEA` and `RC2`.
 ||=Status =||Pending removal ||
 ||=Deprecated in: =||OpenVPN v2.4 ||
-||=To be removed in: =||'''OpenVPN v2.7''' ||
+||=To be removed in: =|| TBD ||
 ||=Affects: =||Client and server ||
 ||=Result if used: =||OpenVPN will not start due to incorrect cipher being used||
@@ -111 +111 @@
 ||=Examples: =||(N/A) ||
 After the discovery of the [https://sweet32.info SWEET32 Birthday attacks on 64-bit block ciphers] any cipher using a cipher block length smaller than 128 bits is considered insecure and prone to be successfully attacked.  The cipher block length is '''''not''''' an indication of the cipher ''key'' length.
+
+For now we will not officially remove them and focus on educating users. Maybe at some point the SSL libraries will start dropping them.
 
 == Policy: Migrate away from deprecated ciphers. **Status: In progress** ==