author | Steffan Karger <steffan@karger.me> | 2015-05-05 17:47:37 +0200 |
---|---|---|
committer | Gert Doering <gert@greenie.muc.de> | 2015-05-09 15:40:01 +0200 |
commit | 5f66f907cfc57b89110c08e50c7aab228e090911 (patch) | |
tree | e617504362dd115b7a8ec06b0adb1a37e1e1dbad /src | |
parent | 23b6ba6378bf3a3f5ceb828c8a4dd7cc38947d07 (diff) | |
Improve --tls-cipher and --show-tls man page description
As reported in trac tickets #304, #358 and #359 (and possibly more), the
usage and interpretation of --tls-cipher (and --show-tls) is tricky. This
patch extends the man page to explain those a bit better and point out
that --tls-cipher is an expert feature (i.e. easy to get wrong). Also add
a notice to the --show-tls output, referring to the man page explanation.
Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: <1430840857-6123-1-git-send-email-steffan@karger.me>
URL: http://article.gmane.org/gmane.network.openvpn.devel/9651
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Diffstat (limited to 'src')
-rw-r--r-- | src/openvpn/ssl_common.h | 5 | ||||
-rw-r--r-- | src/openvpn/ssl_openssl.c | 2 | ||||
-rw-r--r-- | src/openvpn/ssl_polarssl.c | 2 |
3 files changed, 7 insertions, 2 deletions
diff --git a/src/openvpn/ssl_common.h b/src/openvpn/ssl_common.h
index 6222bd6..bb1c1c2 100644
--- a/src/openvpn/ssl_common.h
+++ b/src/openvpn/ssl_common.h
@@ -511,4 +511,9 @@ struct tls_multi
 };
+#define SHOW_TLS_CIPHER_LIST_WARNING \
+ "Be aware that that whether a cipher suite in this list can actually work\n" \
+ "depends on the specific setup of both peers. See the man page entries of\n" \
+ "--tls-cipher and --show-tls for more details.\n\n"
+
 #endif /* SSL_COMMON_H_ */
diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c
index d9abc6e..df9fa87 100644
--- a/src/openvpn/ssl_openssl.c
+++ b/src/openvpn/ssl_openssl.c
@@ -1395,7 +1395,7 @@ show_available_tls_ciphers (const char *cipher_list)
 }
 }
- printf ("\n");
+ printf ("\n" SHOW_TLS_CIPHER_LIST_WARNING);
 SSL_free (ssl);
 SSL_CTX_free (tls_ctx.ctx);
diff --git a/src/openvpn/ssl_polarssl.c b/src/openvpn/ssl_polarssl.c
index 913585d..cb282d9 100644
--- a/src/openvpn/ssl_polarssl.c
+++ b/src/openvpn/ssl_polarssl.c
@@ -1099,7 +1099,7 @@ show_available_tls_ciphers (const char *cipher_list)
 printf ("%s\n", ssl_get_ciphersuite_name(*ciphers));
 ciphers++;
 }
- printf ("\n");
+ printf ("\n" SHOW_TLS_CIPHER_LIST_WARNING);
 tls_ctx_free(&tls_ctx);
 } |
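Review bot: The first string line of the new `SHOW_TLS_CIPHER_LIST_WARNING` macro in ssl_common.h has a doubled word, "Be aware that that whether a cipher suite ...", and this text is printed verbatim to anyone running --show-tls. I would change that line to `"Be aware that whether a cipher suite in this list can actually work\n" \`. A one-line comment above the macro would also help, for example `/* Appended to --show-tls output; plain text only, see the --tls-cipher man page entry. */`, so later editors know where the message ends up.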
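Review bot: In show_available_tls_ciphers() in ssl_openssl.c the macro is pasted into the format string, `printf ("\n" SHOW_TLS_CIPHER_LIST_WARNING);`, so the warning text is parsed as a printf format. It contains no `%` today, but a later edit to the message in ssl_common.h that adds one would turn into a conversion with no matching argument. Passing the text as data keeps it inert: `printf ("\n%s", SHOW_TLS_CIPHER_LIST_WARNING);`. The same line is added in the ssl_polarssl.c hunk and should get the same change; in both files the function body starts outside the hunk.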