NTLMv1 is ancient and not considered secure anymore and we are not
aware of any users or software still requiring this feature.
Additionally it currently depends on our "doing single DES using
3DES" workaround for OpenSSL (cipher_des_encrypt_ecb). So removing
NTLMv1 will also allow us to remove that workaround.
Reported-By: Trial of Bits (TOB-OVPN-7)
Signed-off-by: Arne Schwabe <a...@rfc2549.org>
---
src/openvpn/proxy.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/openvpn/proxy.c b/src/openvpn/proxy.c
index ed7201616..633caee09 100644
--- a/src/openvpn/proxy.c
+++ b/src/openvpn/proxy.c
@@ -519,6 +519,8 @@ http_proxy_new(const struct http_proxy_options *o)
#if NTLM
else if (!strcmp(o->auth_method_string, "ntlm"))
{
+ msg(M_INFO, "NTLM v1 authentication is deprecated and will be
removed in "
+ "OpenVPN 2.7");
p->auth_method = HTTP_AUTH_NTLM;
}
else if (!strcmp(o->auth_method_string, "ntlm2"))
--
2.37.1 (Apple Git-137.1)
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
