Re: RFE: networkmanager-openvpn tls-version-min setting (for TLSv1.2)

[Dan Williams]

On Mon, 2014-12-29 at 11:52 +0800, Anthony Alba wrote:
 Playing around with Fedora 21/nm-openvpn it turns out that the version
 of openvpn 2.3.6 in F21 supports TLSv1.2 cipher suites, however for
 backward compatibility reasons openvpn = 2.3.4  forces TLSv1 for
 the Control Channel.
 
 If I have a server running 2.3.6  --tls-version-min=1.0, I would like
 to be able to set nm-openvpn clinet to use --tls-version-min=1.2 thus
 availing myself of TLSv1.2.

I don't believe it's supported yet, and if you are willing to work on a
patch that's great!  I've filed this bug to track it:

https://bugzilla.gnome.org/show_bug.cgi?id=742604

so it doesn't get lost.  For the UI side I think the option should
probably be a dropdown box in the Security tab of the Advanced dialog,
much like HMAC Auth one.

Thanks!
Dan

___
networkmanager-list mailing list
networkmanager-list@gnome.org
https://mail.gnome.org/mailman/listinfo/networkmanager-list

RFE: networkmanager-openvpn tls-version-min setting (for TLSv1.2)

[Anthony Alba]

Hi all,

Playing around with Fedora 21/nm-openvpn it turns out that the version
of openvpn 2.3.6 in F21 supports TLSv1.2 cipher suites, however for
backward compatibility reasons openvpn = 2.3.4  forces TLSv1 for
the Control Channel.

If I have a server running 2.3.6  --tls-version-min=1.0, I would like
to be able to set nm-openvpn clinet to use --tls-version-min=1.2 thus
availing myself of TLSv1.2.

I'll  see if I can rustle up a patch, but just checking whether
someone has done this already.

Cheers

Anthony
___
networkmanager-list mailing list
networkmanager-list@gnome.org
https://mail.gnome.org/mailman/listinfo/networkmanager-list