diff options
author | Arne Schwabe <arne@rfc2549.org> | 2014-12-06 14:15:03 +0100 |
---|---|---|
committer | Gert Doering <gert@greenie.muc.de> | 2014-12-06 23:13:46 +0100 |
commit | 8a95f62e3114b8fdaf0fd3ce2d80ed82d5e0db20 (patch) | |
tree | cbd86f59dfddff39a5de88ef8dd04b402bdd4f7d /doc | |
parent | b0f2c521303b7bceb6806680363bc4b9d225e5b8 (diff) | |
download | openvpn-8a95f62e3114b8fdaf0fd3ce2d80ed82d5e0db20.tar.gz openvpn-8a95f62e3114b8fdaf0fd3ce2d80ed82d5e0db20.tar.xz openvpn-8a95f62e3114b8fdaf0fd3ce2d80ed82d5e0db20.zip |
Remove possibility of using --tls-auth with non OpenVPN Static key files
In older version OpenVPN would hash a --tls-auth file
if it does not conform to the expected format
Acked-by: Steffan Karger <steffan.karger@fox-it.com>
Message-Id: <1417871704-30273-1-git-send-email-arne@rfc2549.org>
URL: http://article.gmane.org/gmane.network.openvpn.devel/9306
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Diffstat (limited to 'doc')
-rw-r--r-- | doc/openvpn.8 | 21 |
1 files changed, 3 insertions, 18 deletions
diff --git a/doc/openvpn.8 b/doc/openvpn.8 index 96ba555..532eda5 100644 --- a/doc/openvpn.8 +++ b/doc/openvpn.8 @@ -4609,26 +4609,11 @@ bearing an incorrect HMAC signature can be dropped immediately without response. .B file -(required) is a key file which can be in one of two formats: - -.B (1) -An OpenVPN static key file generated by +(required) is a file in OpenVPN static key format which can be generated by .B \-\-genkey -(required if -.B direction -parameter is used). - -.B (2) -A freeform passphrase file. In this case the HMAC key will -be derived by taking a secure hash of this file, similar to -the -.BR md5sum (1) -or -.BR sha1sum (1) -commands. -OpenVPN will first try format (1), and if the file fails to parse as -a static key file, format (2) will be used. +Older versions (up to 2.3) supported a freeform passphrase file. +This is no longer supported in newer versions (2.4+). See the .B \-\-secret |