Re: [Openvpn-devel] [PATCH] systemd: Change the default cipher to AES-256-GCM for server configs

2020-06-22 Thread Dmitry Melekhov
22.06.2020 20:58, Selva Nair writes: +*WARNING*This MAY break configurations where the client uses +``--disable-occ`` feature where the ``--cipher`` has +not been explicitly configured on both client and +server side. It is recommended to

[Openvpn-devel] [PATCH v8 1/1] Add unit tests for engine keys

2020-06-22 Thread James Bottomley
Testing engines is problematic, so one of the prerequisites built for the tests is a simple openssl engine that reads a non-standard PEM guarded key. The test is simply can we run a client/server configuration with the usual sample key replaced by an engine key. The trivial engine prints out some

[Openvpn-devel] [PATCH v8 0/1] Add unit tests for engine keys

2020-06-22 Thread James Bottomley
This is the version that should work on Linux, Mac and BSD (famous last words ...). I've checked it on the Linux platforms (Ubuntu and OpenSUSE). James --- James Bottomley (1): Add unit tests for engine keys configure.ac | 2 +

Re: [Openvpn-devel] [PATCH v6 3/3] Add unit tests for engine keys

2020-06-22 Thread Gert Doering
Hi, On Mon, Jun 22, 2020 at 11:28:16AM -0700, James Bottomley wrote: > That will be my fault. I assumed automake always ran with gnu make, No :-) (and let's not start a gnu make vs bsd make vs. cmake vs. ant discussion now :-) ). Specifically, we run automake on linux systems before doing

Re: [Openvpn-devel] [PATCH v6 3/3] Add unit tests for engine keys

2020-06-22 Thread James Bottomley
On Mon, 2020-06-22 at 19:28 +0200, Gert Doering wrote: > Hi, > > On Mon, Jun 22, 2020 at 10:06:44AM -0700, James Bottomley wrote: > > > [..] > > > > Right, that's what the patch in the url does: uses .so on both > > > > mac > > > > and linux. > > > > > > I got all confused with your "v6" patch

Re: [Openvpn-devel] [PATCH] systemd: Change the default cipher to AES-256-GCM for server configs

2020-06-22 Thread David Sommerseth
[resent for the ML inclusion] On 22/06/2020 18:58, Selva Nair wrote: > On Mon, Jun 22, 2020 at 7:31 AM David Sommerseth wrote: [...snip...] >> +ExecStart=@sbindir@/openvpn --status %t/openvpn-server/status-%i.log >> --status-version 2 --suppress-timestamps --cipher AES-256-GCM --ncp-ciphers >>

Re: [Openvpn-devel] [PATCH] systemd: Change the default cipher to AES-256-GCM for server configs

2020-06-22 Thread David Sommerseth
On 22/06/2020 14:43, Steffan Karger wrote: > Hi, > > On 22-06-2020 14:29, David Sommerseth wrote: >> On 22/06/2020 14:21, Arne Schwabe wrote: >>> PrivateTmp=true WorkingDirectory=/etc/openvpn/server -ExecStart=@sbindir@/openvpn --status %t/openvpn-server/status-%i.log

Re: [Openvpn-devel] [PATCH] systemd: Change the default cipher to AES-256-GCM for server configs

2020-06-22 Thread David Sommerseth
On 22/06/2020 19:20, André via Openvpn-devel wrote: > Hi, > > > Sent with ProtonMail Secure Email. > > ‐‐‐ Original Message ‐‐‐ > On Monday 22 June 2020 18:58, Selva Nair wrote: > >> On Mon, Jun 22, 2020 at 7:31 AM David Sommerseth dav...@openvpn.net wrote: >> >>> This change makes

Re: [Openvpn-devel] [PATCH v6 3/3] Add unit tests for engine keys

2020-06-22 Thread Gert Doering
Hi, On Mon, Jun 22, 2020 at 10:06:44AM -0700, James Bottomley wrote: > > [..] > > > Right, that's what the patch in the url does: uses .so on both mac > > > and linux. > > > > I got all confused with your "v6" patch and your "v7" patch, which > > did other things, and but did not have a "v6" in

Re: [Openvpn-devel] [PATCH] systemd: Change the default cipher to AES-256-GCM for server configs

2020-06-22 Thread André via Openvpn-devel
Hi, Sent with ProtonMail Secure Email. ‐‐‐ Original Message ‐‐‐ On Monday 22 June 2020 18:58, Selva Nair wrote: > On Mon, Jun 22, 2020 at 7:31 AM David Sommerseth dav...@openvpn.net wrote: > > > This change makes the server use AES-256-GCM instead of BF-CBC as the > > default cipher

Re: [Openvpn-devel] [PATCH v6 3/3] Add unit tests for engine keys

2020-06-22 Thread James Bottomley
On Mon, 2020-06-22 at 18:23 +0200, Gert Doering wrote: > Hi, > > On Sun, Jun 21, 2020 at 08:10:34AM -0700, James Bottomley wrote: > > > Arne, James, can we converge on something here? > > > > Could someone just test the proposed updated v6 patch on a Mac? > > > >

Re: [Openvpn-devel] [PATCH] systemd: Change the default cipher to AES-256-GCM for server configs

2020-06-22 Thread Selva Nair
On Mon, Jun 22, 2020 at 7:31 AM David Sommerseth wrote: > > This change makes the server use AES-256-GCM instead of BF-CBC as the > default cipher for the VPN tunnel when starting OpenVPN via systemd > and the openvpn-server@.service unit file. > > To avoid breaking existing running

Re: [Openvpn-devel] [PATCH v6 3/3] Add unit tests for engine keys

2020-06-22 Thread Gert Doering
Hi, On Sun, Jun 21, 2020 at 08:10:34AM -0700, James Bottomley wrote: > > Arne, James, can we converge on something here? > > Could someone just test the proposed updated v6 patch on a Mac? > > https://sourceforge.net/p/openvpn/mailman/message/37031113/ Took Arne and me half a day ("the macos

[Openvpn-devel] [PATCH v4 3/3] Implement tls-groups option to specify elliptic curves/groups

2020-06-22 Thread Arne Schwabe
By default OpenSSL 1.1+ only allows signatures and ecdh/ecdhx from the default list of X25519:secp256r1:X448:secp521r1:secp384r1. In TLS1.3 key exchange is independent from the signature/key of the certificates, so allowing all groups per default is not a sensible choice anymore and instead a

Re: [Openvpn-devel] [PATCH] systemd: Change the default cipher to AES-256-GCM for server configs

2020-06-22 Thread Arne Schwabe
On 22.06.20 at 14:43, Steffan Karger wrote: > Hi, > > On 22-06-2020 14:29, David Sommerseth wrote: >> On 22/06/2020 14:21, Arne Schwabe wrote: >>> PrivateTmp=true WorkingDirectory=/etc/openvpn/server -ExecStart=@sbindir@/openvpn --status %t/openvpn-server/status-%i.log

Re: [Openvpn-devel] [PATCH] systemd: Change the default cipher to AES-256-GCM for server configs

2020-06-22 Thread Steffan Karger
Hi, On 22-06-2020 14:29, David Sommerseth wrote: > On 22/06/2020 14:21, Arne Schwabe wrote: >> >>> PrivateTmp=true >>> WorkingDirectory=/etc/openvpn/server >>> -ExecStart=@sbindir@/openvpn --status %t/openvpn-server/status-%i.log >>> --status-version 2 --suppress-timestamps --config %i.conf

Re: [Openvpn-devel] [PATCH] systemd: Change the default cipher to AES-256-GCM for server configs

2020-06-22 Thread David Sommerseth
On 22/06/2020 14:21, Arne Schwabe wrote: > >> PrivateTmp=true >> WorkingDirectory=/etc/openvpn/server >> -ExecStart=@sbindir@/openvpn --status %t/openvpn-server/status-%i.log >> --status-version 2 --suppress-timestamps --config %i.conf >> +ExecStart=@sbindir@/openvpn --status

Re: [Openvpn-devel] [PATCH] systemd: Change the default cipher to AES-256-GCM for server configs

2020-06-22 Thread Arne Schwabe
> PrivateTmp=true > WorkingDirectory=/etc/openvpn/server > -ExecStart=@sbindir@/openvpn --status %t/openvpn-server/status-%i.log > --status-version 2 --suppress-timestamps --config %i.conf > +ExecStart=@sbindir@/openvpn --status %t/openvpn-server/status-%i.log > --status-version 2

[Openvpn-devel] [PATCH] systemd: Change the default cipher to AES-256-GCM for server configs

2020-06-22 Thread David Sommerseth
This change makes the server use AES-256-GCM instead of BF-CBC as the default cipher for the VPN tunnel when starting OpenVPN via systemd and the openvpn-server@.service unit file. To avoid breaking existing running configurations defaulting to BF-CBC, the Negotiable Crypto Parameters (NCP) list

Re: [Openvpn-devel] [PATCH] Add deferred authentication support to plugin-auth-pam

2020-06-22 Thread Gert Doering
Good morning, and thanks for the quick review :-) On Sun, Jun 21, 2020 at 06:23:15PM -0400, Selva Nair wrote: > On Sat, Jun 20, 2020 at 12:23 PM Gert Doering wrote: > > If OpenVPN signals deferred authentication support (by setting the > > internal environment variable "auth_control_file"), do