Am 27.03.22 um 17:52 schrieb Michael Baentsch:
Thanks again for your explanations: I finally figured out to correct my
git send-email configuration `smtpencryption` to be set to "ssl"
(instead of "tls": The latter caused a hang that I debugged for way too
long :-(. Maybe worth while adding to some FAQ for newbies? The guidance
at
https://github.com/git/git/blob/master/Documentation/git-send-email.txt
was clearly wrong.
Please let me know if that submission now arrived and meets your
requirements.
The commit message is still not great. Something I would have used instead:
Allow non-standard EC groups with OpenSSL3
OpenSSL3 no longer uses the NID to identify TLS groups, instead it uses
names. This allows also to use groups from external provider. It also
recognises secp256r1 as the same group as prime256v1.
One further question: Is there interest on your side to add more/better
support for quantum-safe crypto to OpenVPN?
Depends on what changes you are proposing. There is certainly some
interest but depends on what exactly we are talking about.
easyrsa isn't geared for
that right now (let alone suitably named :-), but openssl3 (with our
oqsprovider) can generate quantum-safe PKI (CA and client certs) without
problems.
Easyrsa has become also separate project. Development and maintainance
of easyrsa have become quite slow in the last years.
Quantum-safe key exchange works in OpenVPN just fine when the PR lands.
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
