From: Arne Schwabe Date: Thu, 4 Dec 2025 12:42:16 +0000 (+0100) Subject: Add a section about wolfSSL GPLv3 and point out missing TLS PRF support X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=603fe533a429e99f6b9e39304e0a1a0391af0547;p=thirdparty%2Fopenvpn.git Add a section about wolfSSL GPLv3 and point out missing TLS PRF support Change-Id: I4f9a6baf2bdb45e5b79bf13c9f6fce3b7a2e982c Signed-off-by: Arne Schwabe Acked-by: Gert Doering Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1416 Message-Id: <20251204124221.15206-1-gert@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg34840.html Signed-off-by: Gert Doering --- diff --git a/README.wolfssl b/README.wolfssl index 3918d0fcd..3e531aece 100644 --- a/README.wolfssl +++ b/README.wolfssl @@ -28,7 +28,17 @@ following features are missing * blowfish support (BF-CBC), you must use something like cipher AES-128-CBC to avoid trying to use BF-CBC * Windows CryptoAPI support + * No TLS1.0 PRF support (No compaitbility with OpenVPN 2.5 or older or + other build that do not support TLS EKM) + +************************************************************************* +Newer wolfSSL versions (5.8.2 and newer) are GPLv3 licensed and this license is not +compatible with OpenVPN's GPLv2 license. + +However wolfSSL Inc has granted an exception to combine the wolfSSL library +with OpenVPN and OpenVPN-NL (https://github.com/wolfSSL/wolfssl/blob/master/LICENSING) +with version 5.8.4 and later. ************************************************************************* To build WolfSSL with post-quantum KEMs built in, the following command is used: