Hi,
On 11-Apr-18 19:54, Selva Nair wrote:
Hi,
Anyone using --cryptoapicert option on Windows with hardware tokens?
If so could you please test 2.4.5 and the patched executable here:
https://github.com/selvanair/openvpn/releases/tag/cng-fix
<https://github.com/selvanair/openvpn/releases/tag/cng-fix>
I'm particularly interested in cases where TLS 1.2 is negotiated with
tokens accessed via Windows Cryptography API (cryptoapicert) and not
PKCS11.
For background see https://community.openvpn.net/openvpn/ticket/1050
<https://community.openvpn.net/openvpn/ticket/1050>
I've added a comment: on windows 7 + Safenet eToken it does not work for
me. I get a warning:
Fri Apr 13 15:02:53 2018 us=322245 WARNING: cryptoapicert: private key
is in a legacy store. Restricting TLS version to 1.1
How can I work around that?
cheers,
JJK
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
