Hi, On 21 December 2016 at 21:54, David Sommerseth <dav...@openvpn.net> wrote: > User-visible Changes > -------------------- > +- When using ciphers with cipher blocks less than 128-bits > + OpenVPN will complain loudly if the configuration uses ciphers considered > + weak, such as the SWEET32 attack vector. In such scenarios, OpenVPN will > by > + default do a renegotiation for each 64MB of transported data > (``--reneg-bytes``). > + This can renegotiation can be disabled, but is HIGHLY DISCOURAGED.
There's a can too much here. > +If using ciphers with cipher block sizes less than 128-bits, > \-\-reneg\-bytes is > +set to 64MB by default, unless it is explicitly disabled by setting the > value to > +0,but this is Missing a space behind the , > +.B HIGHLY DISCOURAGED > +as this is designed to add some protection against the SWEET32 attack vector. > +For more information see the \-\-cipher option. -Steffan ------------------------------------------------------------------------------ Developer Access Program for Intel Xeon Phi Processors Access to Intel Xeon Phi processor-based developer platforms. With one year of Intel Parallel Studio XE. Training and support from Colfax. Order your platform today.http://sdm.link/intel _______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
