One of the recent new features in the OpenVPN development code is support for TLS version negotiation by a peer; this means that when both sides support a TLSv1.2 connection, this version will be used, which in particular allows the use of the newer 'Suite B' cipher-suites. It is expected that a future release in the 2.3.x series will include this support.
This feature will gracefully fall back to the current (as of 2.3.2) TLSv1.0 support, unless a new option is used to strictly require a minimum TLS version; using it when communicating with an older version should continue working as it does today.

There was one case so far where a _very_ old OpenVPN server on a dd-wrt system caused issues for a client that was built with this feature. One of the devs was unable to reproduce this issue (using either the OpenVPN version, or OpenSSL version), so at this time it is unexpected that this will pose any real-world problem. However, if you are interested in doing early testing, if you have a very old server (or perhaps a customized server that changed components of the TLS handshake or OpenSSL subsystem), you are encouraged to try this feature out in advance of an official release.

Given the relative complexity of creating usable Windows builds, I have decided to create a "preview build" that uses identical component versions to 2.3.2, but added in this TLS negotiation feature from the git master branch [2]. If you'd like to try out this feature in advance of its inclusion in a future official OpenVPN release, please see my "OpenVPN Previews" project [1]. I am targeting Windows specifically with this project since Unix-alikes generally have far more graceful ways to create custom builds.
[1] OpenVPN Previews project: http://sourceforge.net/projects/openvpnpreviews/

[2] GitHub commit for the TLS version negotiation support: https://github.com/OpenVPN/openvpn/commit/4b67f9849ab3efe89268e01afddc7795f38d0f64

-- 
Josh