Am 07.11.21 um 10:01 schrieb Arne Schwabe:
We already removed the check in d67658fee for OpenSSL 3.0. This removes the
checks entirely for all crypto libraries.

Signed-off-by: Arne Schwabe <a...@rfc2549.org>
---
  src/openvpn/crypto.c         | 15 --------
  src/openvpn/crypto_backend.h | 28 ---------------
  src/openvpn/crypto_mbedtls.c | 56 ------------------------------
  src/openvpn/crypto_openssl.c | 66 ------------------------------------
  4 files changed, 165 deletions(-)
-    /* DES is deprecated and the method to even check the keys is deprecated
-     * in OpenSSL 3.0. Instead of checking for the 16 weak/semi-weak keys
-     * we just accept them in OpenSSL 3.0 since the risk of randomly getting
-     * these is pretty low (and "all DES keys are weak" anyway) */
-    return true;

Should not we nuke DES altogether in that case? Or am I misunderstanding
the patch?



_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Reply via email to