2023-10-25 14:19:28 +02:00
|
|
|
This version of OpenVPN has mbed TLS support. To enable, follow the
|
|
|
|
instructions below:
|
2011-07-01 14:15:11 +02:00
|
|
|
|
2023-10-25 14:19:28 +02:00
|
|
|
To build and install,
|
2011-07-01 14:15:11 +02:00
|
|
|
|
2017-08-22 13:47:15 +02:00
|
|
|
./configure --with-crypto-library=mbedtls
|
2011-07-01 14:15:11 +02:00
|
|
|
make
|
|
|
|
make install
|
|
|
|
|
2023-10-25 14:19:28 +02:00
|
|
|
This version requires mbed TLS version >= 2.0.0 or >= 3.2.1.
|
2011-07-05 13:09:13 +02:00
|
|
|
|
2011-07-01 14:15:11 +02:00
|
|
|
*************************************************************************
|
|
|
|
|
2017-08-22 13:47:15 +02:00
|
|
|
Due to limitations in the mbed TLS library, the following features are missing
|
|
|
|
in the mbed TLS version of OpenVPN:
|
2011-07-01 14:15:11 +02:00
|
|
|
|
|
|
|
* PKCS#12 file support
|
2011-07-05 13:09:13 +02:00
|
|
|
* --capath support - Loading certificate authorities from a directory
|
2011-07-01 14:15:11 +02:00
|
|
|
* Windows CryptoAPI support
|
2011-07-05 13:09:13 +02:00
|
|
|
* X.509 alternative username fields (must be "CN")
|
|
|
|
|
|
|
|
Plugin/Script features:
|
2011-07-01 14:15:11 +02:00
|
|
|
|
2011-07-05 13:09:13 +02:00
|
|
|
* X.509 subject line has a different format than the OpenSSL subject line
|
|
|
|
* X.509 certificate tracking
|
2023-10-25 14:19:28 +02:00
|
|
|
|
|
|
|
*************************************************************************
|
|
|
|
|
2023-11-15 16:17:40 +01:00
|
|
|
Mbed TLS 3 has implemented (parts of) the TLS 1.3 protocol, but we have disabled
|
|
|
|
support in OpenVPN because the TLS-Exporter function is not yet implemented.
|