Later OpenVPN 2.3-openssl versions only enable TLS cipher suites with perfect forward secrecy, i.e. DHE and ECDHE cipher suites. ECDHE key exchange is not supported by OpenVPN 2.3-openssl; enable DHE key exchange to allow LEDE OpenVPN 2.4-mbedtls clients to connect to such servers.
Signed-off-by: Magnus Kroken <mkro...@gmail.com> Reported-by: Martin Blumenstingl <martin.blumensti...@googlemail.com> Reported-by: Lucian Cristian <l...@createc.ro> --- package/libs/mbedtls/patches/200-config.patch | 9 --------- 1 file changed, 9 deletions(-) diff --git a/package/libs/mbedtls/patches/200-config.patch b/package/libs/mbedtls/patches/200-config.patch index bb74e61..dcee704 100644 --- a/package/libs/mbedtls/patches/200-config.patch +++ b/package/libs/mbedtls/patches/200-config.patch @@ -82,15 +82,6 @@ /** * \def MBEDTLS_KEY_EXCHANGE_RSA_ENABLED -@@ -622,7 +622,7 @@ - * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA - * MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA - */ --#define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED -+//#define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED - - /** - * \def MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED @@ -695,7 +695,7 @@ * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 -- 2.1.4
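Review bot: Dropping the nested `@@ -622,7 +622,7 @@` hunk from 200-config.patch leaves `MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED` defined for every mbedtls consumer in the image, not only OpenVPN, and the comment lines in the removed context name `MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA` and `MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA` among the suites tied to that define. The commit message motivates the change only by OpenVPN 2.3-openssl interoperability, so please state there whether the 3DES and CBC variants remain disabled by other parts of 200-config.patch or are now offered, and mention the effect on library size if that was the reason the define was commented out. The nested hunk that follows, `@@ -695,7 +695,7 @@`, can keep its header unchanged because the removed hunk replaced one line with one line.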