On 11-Apr-18 19:54, Selva Nair wrote:


Anyone using --cryptoapicert option on Windows with hardware tokens? If so could you please test 2.4.5 and the patched executable here: https://github.com/selvanair/openvpn/releases/tag/cng-fix <https://github.com/selvanair/openvpn/releases/tag/cng-fix>

I'm particularly interested in cases where TLS 1.2 is negotiated with tokens accessed via Windows Cryptography API (cryptoapicert) and not PKCS11.

For background see https://community.openvpn.net/openvpn/ticket/1050 <https://community.openvpn.net/openvpn/ticket/1050>

I've added a comment: on windows 7 + Safenet eToken it does not work for me. I get a warning:

Fri Apr 13 15:02:53 2018 us=322245 WARNING: cryptoapicert: private key is in a legacy store. Restricting TLS version to 1.1

How can I work around that?



Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
Openvpn-users mailing list

Reply via email to