Meeting summary for 22 November 2023:
* *Closed: OpenVPN 2.6.7 release*
/2.6.7 was released, and followed up with 2.6.8./
* *Closed: OpenVPN 2.6.8 release*
/2.6.8 was released on Friday 17 November./
* *Updated: Publish security assessment of OpenVPN2 on main website.*
/Trail of Bits security audit of OpenVPN2 published:/
https://openvpn.net/blog/trail-of-bits/
* *Updated: Website release process woes*
/Website team reports they are going to publish the new CMS for
community downloads and security advisories next week./
* *New: TLS 1.0 PRF problem*
/OpenVPN has used a scheme based on the TLS 1.0 PRF with MD5+SHA1 in
the past. Since OpenVPN 2.6.0+ and 3.6.0+, using Keying Material
Exporters (RFC 5705) is preferred as the modern alternative to
that./
/If one or both sides are older versions of OpenVPN like 2.5
and use the older method of making key material, there can be a
problem./
/For example on platforms like RHEL9 with FIPS enabled, you cannot
use TLS 1.0 PRF with MD5+SHA1. So even for these special cases MD5
has become impossible in this particular situation./
/As a practical example, this means OpenVPN 2.5 on RHEL9 with FIPS
enabled cannot work at all. But 2.6 does work because it uses TLS
export, but only if the other side supports TLS export too./
/We should first of all document this. But second, having a
self-test in OpenVPN that warns of this situation can be beneficial./
* *Updated: License amendment for OpenVPN2 to solve openssl/mbedtls
licensing issues*
/For new contributions the new license already applies./
/The --tls-export-cert option needs to be removed, and
reimplemented. dazo sent in the patch to remove it, plaisthos will
reimplement it./
/Then it is up to dazo to review things so we can work on finalizing
this./
/One of the last tasks is reviewing if remaining items are trivial
patches, and maybe get legal advice on those if necessary./
As always you're welcome to join at #openvpn-meeting on Libera IRC
network every Wednesday at 13:00 Central European Time.
Kind regards,
Johan Draaisma
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
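
The TLS 1.0 PRF item above, as an added example (not OpenVPN code and not part of the original mail): the RFC 2246 PRF needs HMAC-MD5, so a self-test can run it once and report whether any key derivation is left in common with the peer. The function names, the "exporter"/"tls1-prf" labels and `fips_like_mac` (a constructed stand-in for a crypto library that refuses MD5) are assumptions.

```python
import hmac


def p_hash(digest, secret, seed, length, mac=hmac.new):
    """P_hash expansion (RFC 2246, section 5) using HMAC with `digest`."""
    out, a = b"", seed
    while len(out) < length:
        a = mac(secret, a, digest).digest()            # A(i) = HMAC(secret, A(i-1))
        out += mac(secret, a + seed, digest).digest()  # HMAC(secret, A(i) + seed)
    return out[:length]


def tls1_prf(secret, label, seed, length, mac=hmac.new):
    """TLS 1.0 PRF: P_MD5(S1, label+seed) XOR P_SHA1(S2, label+seed)."""
    half = (len(secret) + 1) // 2                      # halves share a byte if odd
    s1, s2 = secret[:half], secret[len(secret) - half:]
    md5_part = p_hash("md5", s1, label + seed, length, mac)
    sha1_part = p_hash("sha1", s2, label + seed, length, mac)
    return bytes(x ^ y for x, y in zip(md5_part, sha1_part))


def fips_like_mac(key, msg, digest):
    """Constructed stand-in for a FIPS-mode library: MD5 is refused."""
    if digest == "md5":
        raise ValueError("unsupported hash type md5")
    return hmac.new(key, msg, digest)


def legacy_prf_usable(mac=hmac.new):
    """Self-test: can this crypto library still run the MD5+SHA1 PRF?"""
    try:
        tls1_prf(b"constructed secret", b"self-test", b"seed", 16, mac)
        return True
    except ValueError:                                 # raised for blocked digests
        return False


def key_method(local, peer):
    """Each side is (supports_exporter, legacy_prf_usable); labels are hypothetical."""
    if local[0] and peer[0]:
        return "exporter"                              # RFC 5705 on both ends
    if local[1] and peer[1]:
        return "tls1-prf"
    return "none"                                      # nothing in common: warn the user


if __name__ == "__main__":
    fips = legacy_prf_usable(fips_like_mac)
    print("2.5-style client, MD5 blocked:", key_method((False, fips), (True, True)))
    print("2.6-style client, 2.6-style peer:", key_method((True, fips), (True, True)))
    print("2.6-style client, 2.5-style peer:", key_method((True, fips), (False, True)))
```
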