Also: * fix a typo in the openssl output ("may be use*d*") * mention GCM before CBC (we prefer AEAD modes)
Signed-off-by: Steffan Karger <steffan.kar...@foxcrypto.com> --- src/openvpn/crypto_mbedtls.c | 5 +++-- src/openvpn/crypto_openssl.c | 10 +++++----- 2 files changed, 8 insertions(+), 7 deletions(-) diff --git a/src/openvpn/crypto_mbedtls.c b/src/openvpn/crypto_mbedtls.c index 19a87eb4..fbb1f120 100644 --- a/src/openvpn/crypto_mbedtls.c +++ b/src/openvpn/crypto_mbedtls.c @@ -149,8 +149,9 @@ show_available_ciphers(void) #ifndef ENABLE_SMALL printf("The following ciphers and cipher modes are available for use\n" "with " PACKAGE_NAME ". Each cipher shown below may be used as a\n" - "parameter to the --cipher option. Using a CBC or GCM mode is\n" - "recommended. In static key mode only CBC mode is allowed.\n\n"); + "parameter to the --data-ciphers (or --cipher) option. Using a\n" + "GCM or CBC mode is recommended. In static key mode only CBC\n" + "mode is allowed.\n\n"); #endif while (*ciphers != 0) diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c index c47c2f3c..c60d4a54 100644 --- a/src/openvpn/crypto_openssl.c +++ b/src/openvpn/crypto_openssl.c @@ -287,11 +287,11 @@ show_available_ciphers(void) size_t num_ciphers = 0; #ifndef ENABLE_SMALL printf("The following ciphers and cipher modes are available for use\n" - "with " PACKAGE_NAME ". Each cipher shown below may be use as a\n" - "parameter to the --cipher option. The default key size is\n" - "shown as well as whether or not it can be changed with the\n" - "--keysize directive. Using a CBC or GCM mode is recommended.\n" - "In static key mode only CBC mode is allowed.\n\n"); + "with " PACKAGE_NAME ". Each cipher shown below may be used as a\n" + "parameter to the --data-ciphers (or --cipher) option. The\n" + "default key size is shown as well as whether or not it can be\n" + "changed with the --keysize directive. Using a GCM or CBC mode\n" + "is recommended. In static key mode only CBC mode is allowed.\n\n"); #endif for (nid = 0; nid < 10000; ++nid) -- 2.25.1 _______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel