On 03/06/2022 11:52, Arne Schwabe wrote:
Modern TLS libraries might drop Blowfish by default or distributions
might disable Blowfish in OpenSSL/mbed TLS. We still signal OCC
options with BF-CBC compatible strings. To avoid requiring BF-CBC
for this, special this one usage of BF-CBC enough to avoid a hard
requirement on Blowfish in the default configuration.
This patch is cherry-picked from 79ff3f79 and the missing
ciphername = "none"; has been added in the OCC code.
Signed-off-by: Arne Schwabe <a...@rfc2549.org>
---
src/openvpn/crypto_backend.h | 2 ++
src/openvpn/init.c | 37 +++++++++++++++++++++------
src/openvpn/options.c | 48 +++++++++++++++++++++++++++++++-----
3 files changed, 73 insertions(+), 14 deletions(-)
Just for the record. This patch has been included into Fedora 36 and
EPEL-9 builds, released as openvpn-2.5.7-2.
Fedora 36 users has reported that this patch resolves issues which
surfaced when upgrading to openvpn-2.5.7-1.
A few references:
<https://bodhi.fedoraproject.org/updates/FEDORA-2022-8ca0f56650>
<https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-dd161a4d75>
<https://bugzilla.redhat.com/show_bug.cgi?id=2092800>
<https://bugzilla.redhat.com/show_bug.cgi?id=2093069>
--
kind regards,
David Sommerseth
OpenVPN Inc
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
