git.ipfire.org Git - thirdparty/openvpn.git/commit
Add insecure tls-cert-profile options
author Arne Schwabe <arne@rfc2549.org>
Fri, 29 Oct 2021 11:24:07 +0000 (13:24 +0200)
committer Gert Doering <gert@greenie.muc.de>
Fri, 5 Nov 2021 15:31:48 +0000 (16:31 +0100)
commit 23efeb7a0bd9e0a6d997ae6e77e0e04170da3e67
tree 3c1bf5e13ab1674a049cc81245e0d1dea2d8462c
parent 31e200f807033ac27566bf37a8d9d32820600a83
Add insecure tls-cert-profile options

The recent deprecation of SHA1 certificates in OpenSSL 3.0 makes it
necessary to reallow them in certain deployments. Currently this works
by using the hack of using tls-cipher "DEFAULT:@SECLEVEL=0".

Add "insecure" as option to tls-cert-profile to allow setting a seclevel of 0.

Patch v4: fix default accidentally changed to insecure

Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
Message-Id: <20211029112407.2004234-1-arne@rfc2549.org>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg23076.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
doc/man-sections/tls-options.rst
src/openvpn/ssl_mbedtls.c
src/openvpn/ssl_openssl.c
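
An added example, not part of the commit or the OpenVPN code base: a small config audit that flags both ways of selecting security level 0 named in the commit message, the new `tls-cert-profile insecure` and the older `tls-cipher "DEFAULT:@SECLEVEL=0"`. The sample config, the host name and the function names are constructed for illustration.

```python
import re
import shlex

# Constructed sample config; not taken from the commit or any real deployment.
SAMPLE_CONFIG = """\
client
remote vpn.example.net 1194
# tls-cert-profile insecure   (commented out, must not be flagged)
tls-cert-profile insecure
tls-cipher "DEFAULT:@SECLEVEL=0"  ; the older workaround
cipher AES-256-GCM
"""

def tokenize(line):
    """Split one config line into arguments, honouring quotes and #/; comments."""
    lex = shlex.shlex(line, posix=True)
    lex.whitespace_split = True
    lex.commenters = "#;"
    try:
        return list(lex)
    except ValueError:  # unbalanced quote: line cannot be parsed, skip it
        return []

def audit(config_text):
    """Return (line_number, directive, reason) for each setting that selects level 0."""
    findings = []
    for lineno, line in enumerate(config_text.splitlines(), start=1):
        args = tokenize(line)
        if len(args) < 2:
            continue
        directive = args[0].lstrip("-")  # accept the command-line "--" form too
        value = args[1]
        if directive == "tls-cert-profile" and value == "insecure":
            findings.append((lineno, directive, "certificate profile set to insecure"))
        elif directive == "tls-cipher" and "@SECLEVEL=0" in re.split(r"[:, ]", value):
            findings.append((lineno, directive, "cipher string sets @SECLEVEL=0"))
    return findings

if __name__ == "__main__":
    for lineno, directive, reason in audit(SAMPLE_CONFIG):
        print(f"line {lineno}: {directive}: {reason}")
```
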