[Openvpn-devel] [PATCH applied] Re: Document tls-ciphersuites also in --help output

Acked-by: Gert Doering "because it makes sense" :) Your patch has been applied to the master branch. commit 076b98f58da7d9ceb2e8975cbfa84ea2d95b Author: Arne Schwabe Date: Wed Dec 4 12:09:38 2019 +0100 Document tls-ciphersuites also in --help output Signed-off-by: Arne Schwabe

[Openvpn-devel] [PATCH applied] Re: Add support for OpenSSL TLS 1.3 when using management-external-key

Your patch has been applied to the master branch. I have diff'ed v7 and v8 of the patch, and the only difference is "commit message" and "comments in the code" - as far as I could see without really checking every single change, all to address Selva's comments. Since v7 got an ACK, I'm applying t

[Openvpn-devel] [PATCH applied] Re: Make tls_version_max return the actual maximum version

Your patch has been applied to the master branch. Thanks for the confirmation about that commit message change - it seemed to make sense, but to hear from the author is better :-) - changed on the fly, as requested. Lightly tested with OpenSSL 1.0.2o, OpenSSL 1.0.1l, OpenSSL 1.1.1d. *Not* tested

[Openvpn-devel] [PATCH] Document tls-ciphersuites also in --help output

Signed-off-by: Arne Schwabe --- src/openvpn/options.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/openvpn/options.c b/src/openvpn/options.c index aec4e01c..e41d3486 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -606,7 +606,8 @@ static const char u

[Openvpn-devel] [PATCH v8 2/2] Add support for OpenSSL TLS 1.3 when using management-external-key

For TLS versions 1.0 to 1.2 and OpenSSL 1.1.0 and requires a PKCS1 padded response for the external key implementation. As TLS 1.3 mandates RSA-PSS padding support and also requires an TLS 1.3 implementation to support RSA-PSS for older TLS version, OpenSSL will query us to sign an already RSA-PSS

Re: [Openvpn-devel] [PATCH v7 2/2] Add support for OpenSSL TLS 1.3 when using management-external-key

Am 23.11.19 um 03:07 schrieb Selva Nair: > Hi, > > Thanks for the updates. > > In spite of several nits below, I'm ACKing this. > > All remarks are typos or grammar, important only for docs > and some comments. I suggest to handle these as a minor follow > up patch.  > > I'm also ignoring most

Re: [Openvpn-devel] [PATCH v7 1/2] Make tls_version_max return the actual maximum version

Am 23.11.19 um 03:04 schrieb Selva Nair: > Hi, > > On Fri, Nov 22, 2019 at 9:34 AM Arne Schwabe > wrote: > > Before OpenSSL 1.1.1 there could be no mismatch between > compiled and actual OpenSSL version. With OpenSSL 1.1.1 we need > runtime detection to detec