mirror of
https://github.com/OpenVPN/openvpn.git
synced 2024-09-19 19:42:30 +02:00
OpenVPN is an open source VPN daemon
8353ae8075
By default OpenSSL 1.1+ only allows signatures and ecdh/ecdhx from the default list of X25519:secp256r1:X448:secp521r1:secp384r1. In TLS1.3 key exchange is independent from the signature/key of the certificates, so allowing all groups per default is not a sensible choice anymore and instead a shorter list is reasonable. However, when using certificates with exotic curves that are not on the group list, the signatures of these certificates will no longer be accepted. The tls-groups option allows to modify the group list to account for these corner cases. Patch V2: Uses local gc_arena instead of malloc/free, reword commit message. Fix other typos/clarify messages Patch V3: Style fixes, adjust code to changes from mbedTLS session fix Patch V5: Fix compilation with OpenSSL 1.0.2 Patch V6: Redo the 'while((token = strsep(&tmp_groups, ":"))' change which accidentally got lost. Signed-off-by: Arne Schwabe <arne@rfc2549.org> Acked-by: Antonio Quartulli <antonio@openvpn.net> Message-Id: <20200721154922.17144-1-arne@rfc2549.org> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg20521.html Signed-off-by: Gert Doering <gert@greenie.muc.de> |
||
---|---|---|
.github | ||
.travis | ||
build | ||
contrib | ||
debug | ||
dev-tools | ||
distro | ||
doc | ||
include | ||
m4 | ||
sample | ||
src | ||
tests | ||
.git-blame-ignore-revs | ||
.gitattributes | ||
.gitignore | ||
.mailmap | ||
.svncommitters | ||
.travis.yml | ||
AUTHORS | ||
ChangeLog | ||
Changes.rst | ||
compat.m4 | ||
config-msvc-version.h.in | ||
config-msvc.h | ||
configure.ac | ||
CONTRIBUTING.rst | ||
COPYING | ||
COPYRIGHT.GPL | ||
INSTALL | ||
Makefile.am | ||
msvc-build.bat | ||
msvc-dev.bat | ||
msvc-env.bat | ||
NEWS | ||
openvpn.sln | ||
PORTS | ||
README | ||
README.ec | ||
README.IPv6 | ||
README.mbedtls | ||
TODO.IPv6 | ||
version.m4 | ||
version.sh.in |
OpenVPN -- A Secure tunneling daemon Copyright (C) 2002-2018 OpenVPN Inc. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License version 2 as published by the Free Software Foundation. ************************************************************************* To get the latest release of OpenVPN, go to: https://openvpn.net/index.php/download/community-downloads.html To Build and Install, tar -zxf openvpn-<version>.tar.gz cd openvpn-<version> ./configure make make install or see the file INSTALL for more info. ************************************************************************* For detailed information on OpenVPN, including examples, see the man page http://openvpn.net/man.html For a sample VPN configuration, see http://openvpn.net/howto.html To report an issue, see https://community.openvpn.net/openvpn/report For a description of OpenVPN's underlying protocol, see the file ssl.h included in the source distribution. ************************************************************************* Other Files & Directories: * configure.ac -- script to rebuild our configure script and makefile. * sample/sample-scripts/verify-cn A sample perl script which can be used with OpenVPN's --tls-verify option to provide a customized authentication test on embedded X509 certificate fields. * sample/sample-keys/ Sample RSA keys and certificates. DON'T USE THESE FILES FOR ANYTHING OTHER THAN TESTING BECAUSE THEY ARE TOTALLY INSECURE. * sample/sample-config-files/ A collection of OpenVPN config files and scripts from the HOWTO at http://openvpn.net/howto.html ************************************************************************* Note that easy-rsa and tap-windows are now maintained in their own subprojects. Their source code is available here: https://github.com/OpenVPN/easy-rsa https://github.com/OpenVPN/tap-windows The old cross-compilation environment (domake-win) and the Python-based buildsystem have been replaced with openvpn-build: https://github.com/OpenVPN/openvpn-build See the INSTALL file for usage information.