Key method 2 has been the default since OpenVPN 2.0, and is both more functional and secure. Also, key method 1 was only ever supported for peer-to-peer connections (i.e. not for client-server).
Let's get rid of some legacy and phase out key method 1. Signed-off-by: Steffan Karger <stef...@karger.me> --- src/openvpn/options.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 1eb3a41..f39c4fa 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -2245,6 +2245,12 @@ options_postprocess_verify_ce (const struct options *options, const struct conne "may accept clients which do not present a certificate"); } + if (options->key_method == 1) + { + msg (M_WARN, "WARNING: --key-method 1 is deprecated and will be removed" + "in OpenVPN 2.5. Migrate to --key-method 2 as soon as possible."); + } + if (options->tls_server || options->tls_client) { #ifdef ENABLE_PKCS11 -- 2.7.4 ------------------------------------------------------------------------------ _______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel