Am 07.11.21 um 10:01 schrieb Arne Schwabe:
We already removed the check in d67658fee for OpenSSL 3.0. This removes the
checks entirely for all crypto libraries.
Signed-off-by: Arne Schwabe <a...@rfc2549.org>
---
src/openvpn/crypto.c | 15 --------
src/openvpn/crypto_backend.h | 28 ---------------
src/openvpn/crypto_mbedtls.c | 56 ------------------------------
src/openvpn/crypto_openssl.c | 66 ------------------------------------
4 files changed, 165 deletions(-)
- /* DES is deprecated and the method to even check the keys is deprecated
- * in OpenSSL 3.0. Instead of checking for the 16 weak/semi-weak keys
- * we just accept them in OpenSSL 3.0 since the risk of randomly getting
- * these is pretty low (and "all DES keys are weak" anyway) */
- return true;
Should not we nuke DES altogether in that case? Or am I misunderstanding
the patch?
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel