git.ipfire.org Git - thirdparty/openvpn.git/commit

author	Arne Schwabe <arne@rfc2549.org>
	Thu, 4 Jan 2024 14:02:14 +0000 (15:02 +0100)
committer	Gert Doering <gert@greenie.muc.de>
	Thu, 4 Jan 2024 14:26:48 +0000 (15:26 +0100)
commit	fa7960961415fa4f368e9bbb39dc4047680ff30c
tree	726b992b3518d97d8def77d23d02ebab50b8b005	tree
parent	76d11614797617708c31dc3db22e3568fee3de6d	commit \| diff

Check PRF availability on initialisation and add --force-tls-key-material-export

We now warn a user if the TLS 1.0 PRF is not supported by the cryptographic
library of the system. Also add the option --force-tls-key-material-export
that automatically rejects clients that do not support TLS Keying Material
Export and automatically enable it when TLS 1.0 PRF support is not available.

Change-Id: I04f8c7c413e7cb62c726262feee6ca89c7e86c70
Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20240104140214.32196-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg27924.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>

doc/man-sections/protocol-options.rst		diff \| blob \| blame \| history
src/openvpn/crypto.c		diff \| blob \| blame \| history
src/openvpn/crypto.h		diff \| blob \| blame \| history
src/openvpn/multi.c		diff \| blob \| blame \| history
src/openvpn/options.c		diff \| blob \| blame \| history
src/openvpn/options.h		diff \| blob \| blame \| history