Disable compress option by default
Can we disable compress option at all in our plugin?
It seems that we use compress lzo from here:
On support, we received ticket #2861, which says:
there is a vulnerability with OpenVPN with 'compress lzo' enable and with this vulnerability, it's possible to decrypt parts of HTTP traffic. HTTPS is not affected.
More details can be found here: https://www.bleepingcomputer.com/news/security/voracle-attack-can-recover-http-data-from-vpn-connections/
The only downside of disabling that option is that it can reduce the speed of OpenVPN.
The OpenVPN doc was also updated. See more details from their mail list: https://firstname.lastname@example.org/msg16919.html