On 29/10/2021 13:24, Arne Schwabe wrote:
The recent deprecation of SHA1 certificates in OpenSSL 3.0 makes it necessary
to reallow them in certain deployments. Currently this works by using the
hack of using tls-cipher "DEFAULT:@SECLEVEL=0". Add insecure as option to
tls-cert-profile to allow setting a seclevel of 0.
Patch v4: fix default accidentially changed to insecure
Signed-off-by: Arne Schwabe <a...@rfc2549.org>
Acked-by: Max Fillinger <maximilian.fillin...@foxcrypto.com>
With OpenSSL 3, OpenVPN accepts certs signed with SHA1 if and only if
"--tls-cert-profile insecure" is used.
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
