Re: [Openvpn-devel] [PATCH] Add topology in sample server configuration file

2014-07-12 Thread David Sommerseth
- Original Message -
> From: "Gert Doering"
> To: "David Sommerseth"
> Cc: "Gert Doering", "Jan Just Keijser", openvpn-devel@lists.sourceforge.net
> Sent: Saturday, 12 July, 2014 1:31:09 PM

Re: [Openvpn-devel] [PATCH] Add topology in sample server configuration file

2014-07-12 Thread Gert Doering
Hi,

On Sat, Jul 12, 2014 at 12:41:14PM +0200, David Sommerseth wrote:
> IIRC, the guy overseeing the Secure Response Team in RH is Mark Cox, which again
> is also an upstream OpenSSL maintainer. So I'm quite sure all RH releases have
> fixed this issue.

Well, OpenSSL considers this a

Re: [Openvpn-devel] [PATCH] Add topology in sample server configuration file

2014-07-12 Thread David Sommerseth
- Original Message -
> From: "Gert Doering"
> To: "David Sommerseth"
> Cc: "Jan Just Keijser", openvpn-devel@lists.sourceforge.net
> Sent: Saturday, 12 July, 2014 11:41:30 AM
> Subject: Re: [Openvpn-devel] [PATCH]

Re: [Openvpn-devel] [PATCH] Add topology in sample server configuration file

2014-07-12 Thread Gert Doering
Hi,

On Sat, Jul 12, 2014 at 11:08:46AM +0200, David Sommerseth wrote:
> > my question would be : why does openvpn need SSL_OP_NO_TICKET? why not
> > #ifdef the code, e.g.
> >
> >    SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3
> > #ifdef SSL_OP_NO_TICKET
> >    |

Re: [Openvpn-devel] [PATCH] Add topology in sample server configuration file

2014-07-12 Thread David Sommerseth
- Original Message -
> From: "Jan Just Keijser"
> To: "Steffan Karger", openvpn-devel@lists.sourceforge.net
> Sent: Saturday, 12 July, 2014 1:17:22 AM
> Subject: Re: [Openvpn-devel] [PATCH] Add topology in sample server configuration file

Re: [Openvpn-devel] [PATCH] Add topology in sample server configuration file

2014-07-12 Thread Jan Just Keijser
Hi,

On 11/07/14 20:35, Steffan Karger wrote:
Hi,

On 11-07-14 20:17, Jan Just Keijser wrote:
on CentOS 5 I get

checking for SSL_OP_NO_TICKET flag in OpenSSL... no
configure: error: OpenVPN 2.4+ requires SSL_OP_NO_TICKET in OpenSSL

which is logical as the "stock" openssl lib on CentOS 5 is