mirror/openvpn
0
0
Fork 0
mirror of https://github.com/OpenVPN/openvpn.git synced 2024-09-19 19:42:30 +02:00
Code
OpenVPN is an open source VPN daemon
2,661 Commits 13 Branches 119 Tags 33 MiB
C 94.7%
Shell 1.7%
M4 1.4%
CMake 1.1%
Makefile 0.7%
Other 0.4%
8353ae8075
Go to file
Arne Schwabe 8353ae8075 Implement tls-groups option to specify eliptic curves/groups 
By default OpenSSL 1.1+ only allows signatures and ecdh/ecdhx from the
default list of X25519:secp256r1:X448:secp521r1:secp384r1. In
TLS1.3 key exchange is independent from the signature/key of the
certificates, so allowing all groups per default is not a sensible
choice anymore and instead a shorter list is reasonable.

However, when using certificates with exotic curves that are not on
the group list, the signatures of these certificates will no longer
be accepted.

The tls-groups option allows to modify the group list to account
for these corner cases.

Patch V2: Uses local gc_arena instead of malloc/free, reword commit
          message. Fix other typos/clarify messages

Patch V3: Style fixes, adjust code to changes from mbedTLS session
          fix

Patch V5: Fix compilation with OpenSSL 1.0.2

Patch V6: Redo the 'while((token = strsep(&tmp_groups, ":"))' change
          which accidentally got lost.

Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Antonio Quartulli <antonio@openvpn.net>
Message-Id: <20200721154922.17144-1-arne@rfc2549.org>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg20521.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
2020-07-21 22:33:58 +02:00
.github github: Add PR template with contributor related information 2017-02-06 11:26:05 +01:00
.travis Fetch OpenSSL versions via source/old links 2020-04-01 14:49:46 +02:00
build win: support for Visual Studio 2017 2018-10-01 08:16:29 +02:00
contrib Update copyright to include 2018 plus company name change 2018-02-01 08:29:21 +01:00
debug build: standard directory layout 2012-03-22 22:07:08 +01:00
dev-tools uncrustify openvpn/ sources 2018-12-12 13:43:17 +01:00
distro cleanup: Remove RPM openvpn.spec build approach 2019-02-28 16:54:02 +01:00
doc Implement tls-groups option to specify eliptic curves/groups 2020-07-21 22:33:58 +02:00
include client-connect: Implement deferred connect support for plugin API v2 2020-07-20 12:14:39 +02:00
m4 Fix various spelling mistakes 2019-02-06 19:07:34 +01:00
sample Change client side of t_lpback.sh configs to use inline material. 2020-05-13 17:09:53 +02:00
src Implement tls-groups option to specify eliptic curves/groups 2020-07-21 22:33:58 +02:00
tests t_client.sh: correctly report all failed instances in summary 2020-07-03 23:50:44 +02:00
.git-blame-ignore-revs Add c1ff8f247f (engine, pool, SSO) to .git-blame-ignore-revs 2020-06-26 15:03:39 +02:00
.gitattributes cleanup: add .gitattributes to control eol style explicitly 2012-04-26 20:54:26 +02:00
.gitignore doc/man: convert openvpn.8 to split-up .rst files 2020-07-17 11:23:18 +02:00
.mailmap Update .mailmap to unify and clean up odd names and e-mail addresses 2016-10-18 13:46:04 +02:00
.svncommitters Added mapping files from SVN commit ID to more descriptive commit IDs. 2010-10-21 11:31:26 +02:00
.travis.yml Drop support for OpenSSL 1.0.1 2020-07-20 21:40:11 +02:00
AUTHORS This is the start of the BETA21 branch. 2005-09-26 05:28:27 +00:00
ChangeLog Update copyright to include 2018 plus company name change 2018-02-01 08:29:21 +01:00
Changes.rst Remove --client-cert-not-required 2020-07-21 18:23:12 +02:00
compat.m4 copyright: Update GPLv2 license texts 2017-06-16 10:38:03 +02:00
config-msvc-version.h.in Fix Building Using MSVC 2017-03-16 08:55:33 +01:00
config-msvc.h Require AEAD support in the crypto library 2020-07-20 22:00:05 +02:00
configure.ac Implement tls-groups option to specify eliptic curves/groups 2020-07-21 22:33:58 +02:00
CONTRIBUTING.rst Update CONTRIBUTING.rst to allow GitHub PRs for code review purposes 2016-05-19 11:22:50 +02:00
COPYING Update copyright to include 2018 plus company name change 2018-02-01 08:29:21 +01:00
COPYRIGHT.GPL copyright: Update GPLv2 license texts 2017-06-16 10:38:03 +02:00
INSTALL Drop support for OpenSSL 1.0.1 2020-07-20 21:40:11 +02:00
Makefile.am Merge Makefile.am's AUTOMAKE_OPTIONS into configure.ac's AM_INIT_AUTOMAKE. 2020-07-17 23:10:31 +02:00
msvc-build.bat win: support for Visual Studio 2017 2018-10-01 08:16:29 +02:00
msvc-dev.bat win: support for Visual Studio 2017 2018-10-01 08:16:29 +02:00
msvc-env.bat win: support for Visual Studio 2017 2018-10-01 08:16:29 +02:00
NEWS This is the start of the BETA21 branch. 2005-09-26 05:28:27 +00:00
openvpn.sln Introduce tapctl.exe utility and openvpnmsica.dll MSI CA 2019-01-17 15:31:18 +01:00
PORTS Update copyright to include 2018 plus company name change 2018-02-01 08:29:21 +01:00
README Update copyright to include 2018 plus company name change 2018-02-01 08:29:21 +01:00
README.ec Implement tls-groups option to specify eliptic curves/groups 2020-07-21 22:33:58 +02:00
README.IPv6 Update IPv6 related readme files 2014-01-03 16:01:12 +01:00
README.mbedtls docs: Replace all PolarSSL references to mbed TLS 2017-09-06 23:42:55 +02:00
TODO.IPv6 Fix various spelling mistakes 2019-02-06 19:07:34 +01:00
version.m4 Bump master to version 2.5_git 2016-12-21 21:59:35 +01:00
version.sh.in build: windows: install version.sh to allow installer read version 2012-03-24 00:14:23 +01:00

README 

OpenVPN -- A Secure tunneling daemon

Copyright (C) 2002-2018 OpenVPN Inc. This program is free software;
you can redistribute it and/or modify
it under the terms of the GNU General Public License version 2
as published by the Free Software Foundation.

*************************************************************************

To get the latest release of OpenVPN, go to:

	https://openvpn.net/index.php/download/community-downloads.html

To Build and Install,

	tar -zxf openvpn-<version>.tar.gz
	cd openvpn-<version>
	./configure
	make
	make install

or see the file INSTALL for more info.

*************************************************************************

For detailed information on OpenVPN, including examples, see the man page
  http://openvpn.net/man.html

For a sample VPN configuration, see
  http://openvpn.net/howto.html

To report an issue, see
  https://community.openvpn.net/openvpn/report

For a description of OpenVPN's underlying protocol,
  see the file ssl.h included in the source distribution.

*************************************************************************

Other Files & Directories:

* configure.ac -- script to rebuild our configure
  script and makefile.

* sample/sample-scripts/verify-cn

  A sample perl script which can be used with OpenVPN's
  --tls-verify option to provide a customized authentication
  test on embedded X509 certificate fields.

* sample/sample-keys/

  Sample RSA keys and certificates.  DON'T USE THESE FILES
  FOR ANYTHING OTHER THAN TESTING BECAUSE THEY ARE TOTALLY INSECURE.

* sample/sample-config-files/

  A collection of OpenVPN config files and scripts from
  the HOWTO at http://openvpn.net/howto.html

*************************************************************************

Note that easy-rsa and tap-windows are now maintained in their own subprojects.
Their source code is available here:

  https://github.com/OpenVPN/easy-rsa
  https://github.com/OpenVPN/tap-windows

The old cross-compilation environment (domake-win) and the Python-based
buildsystem have been replaced with openvpn-build:

  https://github.com/OpenVPN/openvpn-build

See the INSTALL file for usage information.