Mirror of https://github.com/OpenVPN/openvpn.git, synced 2024-09-20 03:52:28 +02:00
doc/man: Mark compression options as deprecated
Due to the VORACLE attack vector, compression in general is deprecated.
Make this clear in the man page.

Also remove an incorrect statement claiming --compress lzo is compatible
with --comp-lzo. It is not, as --compress lzo uses a different compression
framing than --comp-lzo.

Signed-off-by: David Sommerseth <davids@openvpn.net>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20200716225338.611-6-davids@openvpn.net>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg20417.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
parent f500c49c8e
commit 850fd5fab7
@ -60,9 +60,7 @@ configured in a compatible way between both the local and remote side.
|
|||||||
|
|
||||||
The ``algorithm`` parameter may be :code:`lzo`, :code:`lz4`, or empty.
|
The ``algorithm`` parameter may be :code:`lzo`, :code:`lz4`, or empty.
|
||||||
LZO and LZ4 are different compression algorithms, with LZ4 generally
|
LZO and LZ4 are different compression algorithms, with LZ4 generally
|
||||||
offering the best performance with least CPU usage. For backwards
|
offering the best performance with least CPU usage.
|
||||||
compatibility with OpenVPN versions before v2.4, use :code:`lzo` (which
|
|
||||||
is identical to the older option ``--comp-lzo yes``).
|
|
||||||
|
|
||||||
If the ``algorithm`` parameter is empty, compression will be turned off,
|
If the ``algorithm`` parameter is empty, compression will be turned off,
|
||||||
but the packet framing for compression will still be enabled, allowing a
|
but the packet framing for compression will still be enabled, allowing a
|
||||||
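Review bot: Removing the pre-v2.4 compatibility sentence after "offering the best performance with least CPU usage." leaves the ``--compress`` text silent on how :code:`lzo` relates to ``--comp-lzo``. The commit message gives the reason (different compression framing), but the man page itself does not. Suggest one sentence stating that ``--compress lzo`` and ``--comp-lzo`` are not interchangeable, so operators with older peers do not assume they are. No deprecation marker for ``--compress`` is visible in this hunk either, although the commit subject says compression options are marked as deprecated.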
@ -79,8 +77,9 @@ configured in a compatible way between both the local and remote side.
|
|||||||
*not* enable compression.
|
*not* enable compression.
|
||||||
|
|
||||||
--comp-lzo mode
|
--comp-lzo mode
|
||||||
*DEPRECATED* This option will be removed in a future OpenVPN release.
|
**DEPRECATED** Enable LZO compression algorithm. Compression is
|
||||||
Use the newer ``--compress`` instead.
|
generally not recommended. VPN tunnels which uses compression are
|
||||||
|
suspectible to the VORALCE attack vector.
|
||||||
|
|
||||||
Use LZO compression -- may add up to 1 byte per packet for incompressible
|
Use LZO compression -- may add up to 1 byte per packet for incompressible
|
||||||
data. ``mode`` may be :code:`yes`, :code:`no`, or :code:`adaptive`
|
data. ``mode`` may be :code:`yes`, :code:`no`, or :code:`adaptive`
|
||||||
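Review bot: The added ``--comp-lzo`` text misspells the attack name as "VORALCE" (the commit message has VORACLE) and "suspectible" for "susceptible", and "tunnels which uses" should be "tunnels which use"; a reader searching for the attack by the name printed in the man page will not find it. The change also drops "This option will be removed in a future OpenVPN release." and the pointer to ``--compress``, so the entry no longer says whether the option is going away, and the new "Enable LZO compression algorithm." duplicates the "Use LZO compression" sentence that follows it.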
@ -106,9 +105,9 @@ configured in a compatible way between both the local and remote side.
|
|||||||
link, the second sets the client side.
|
link, the second sets the client side.
|
||||||
|
|
||||||
--comp-noadapt
|
--comp-noadapt
|
||||||
When used in conjunction with ``--comp-lzo``, this option will disable
|
**DEPRECATED** When used in conjunction with ``--comp-lzo``, this option
|
||||||
OpenVPN's adaptive compression algorithm. Normally, adaptive compression
|
will disable OpenVPN's adaptive compression algorithm. Normally, adaptive
|
||||||
is enabled with ``--comp-lzo``.
|
compression is enabled with ``--comp-lzo``.
|
||||||
|
|
||||||
Adaptive compression tries to optimize the case where you have
|
Adaptive compression tries to optimize the case where you have
|
||||||
compression enabled, but you are sending predominantly incompressible
|
compression enabled, but you are sending predominantly incompressible
|
||||||
|
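Review bot: The ``--comp-noadapt`` entry gains **DEPRECATED** with no reason and no statement of what to do instead, unlike the ``--comp-lzo`` entry in the previous hunk, which at least names the attack vector. Suggest a short sentence saying the option is deprecated together with ``--comp-lzo`` because compression is not recommended, or a cross-reference to that entry.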