git.ipfire.org Git - thirdparty/openvpn.git/commit
Remove use of 'dh dh2048.pem' from sample configs, remove 'dh2048.pem' file
author Gert Doering <gert@greenie.muc.de>
Wed, 20 Aug 2025 17:54:53 +0000 (19:54 +0200)
committer Gert Doering <gert@greenie.muc.de>
Wed, 20 Aug 2025 21:11:33 +0000 (23:11 +0200)
commit 2d73540316af3986bcb3e162040b5aaef74b1845
tree dfeaa3c70ce231afd5e7a49105a5ae8a84c0d160
parent 72a0e6f94f16a6dcfe2b445758d42dedaba11b92
Remove use of 'dh dh2048.pem' from sample configs, remove 'dh2048.pem' file

Since commit bd9aa06feb41 (Jan 2015) OpenVPN has allowed the use of
'--dh none' to disable traditional Diffie Hellman, since more secure
ECDH algorithms are available that do not use explicit DH parameters.

If configured with a sufficiently high securelevel (3+), or if running in
FIPS mode, OpenSSL 3.5 will refuse 2048 bit DH files, making our tests
fail.

Thus, remove all the DH2048 stuff from our sample configs.

Github: triggered by OpenVPN/openvpn#819

Change-Id: If66438662bd862a195b2a69c4fa45f63838982b7
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20250820175459.11227-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg32632.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
doc/tests/authentication-plugins.md
sample/sample-config-files/loopback-server
sample/sample-config-files/server.conf
sample/sample-keys/dh2048.pem [deleted file]
sample/sample-plugins/keying-material-exporter-demo/server.ovpn
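
An added example, not part of the commit or of the OpenVPN project's code: a small auditor that reports whether an OpenVPN config still depends on explicit DH parameters ('dh <file>' or an inline <dh> block) rather than 'dh none'. The function names and all three sample configs are constructed for illustration.

```python
import re
import shlex

# Constructed sample configs (not the project's files). OLD_STYLE mirrors the
# 'dh dh2048.pem' usage that the commit message says was removed.
OLD_STYLE = """\
# constructed server config
port 1194
dh dh2048.pem   # finite-field DH parameters from a file
ca ca.crt
"""
NEW_STYLE = """\
port 1194
; dh dh2048.pem
dh none
"""
INLINE = """\
port 1194
<dh>
(constructed placeholder for PEM data)
</dh>
"""

def audit_dh(config_text):
    """Return (line_no, kind, value) for every dh setting in the config.

    kind is 'none' (no explicit DH parameters), 'file' (parameter file)
    or 'inline' (parameters embedded in a <dh> block).
    """
    findings, inline_tag = [], None
    for no, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if inline_tag:                       # skip the body of inline blocks
            if line == f"</{inline_tag}>":
                inline_tag = None
            continue
        if not line or line[0] in "#;":      # blank or commented-out line
            continue
        tag = re.fullmatch(r"<([\w-]+)>", line)
        if tag:
            inline_tag = tag.group(1)
            if inline_tag == "dh":
                findings.append((no, "inline", None))
            continue
        tokens = shlex.split(line, comments=True)   # drops trailing '#' text
        if len(tokens) > 1 and tokens[0].lstrip("-") == "dh":
            kind = "none" if tokens[1] == "none" else "file"
            findings.append((no, kind, tokens[1]))
    return findings

def needs_migration(config_text):
    """True if any dh setting still relies on explicit DH parameters."""
    return any(kind != "none" for _, kind, _ in audit_dh(config_text))
```
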