Re: [Openvpn-devel] [ovpn-dco] Is cbc-hmac supported?

2020-12-03 Thread Tony He
Hi Jan, Yeah, need option "-elapsed" because OpenSSL counts user time instead of total time (user+sys time) without this option. You can see: * aes-128-cbc and sha1 are accelerated by HW engine. I believe speed is faster for openvpn dco module because it uses the HW engine in kernel space and

[Openvpn-devel] Summary of the community meeting (3rd December 2020)

2020-12-03 Thread Samuli Seppänen
Hi, Here's the summary of the IRC meeting. --- COMMUNITY MEETING Place: #openvpn-meeting on irc.freenode.net Date: Thu 3rd December 2020 Time: 20:00 CET (19:00 UTC) Planned meeting topics for this meeting were here: Your local

[Openvpn-devel] Community meetings in December 2020

2020-12-03 Thread Samuli Seppänen
Hi, Our community meetings will alternate between Wed 11:30 CET and Thu 20:00 CET. Next meetings have been scheduled to - Thu 3rd December 20:00 CET (ongoing) - Wed 9th December 11:30 CET - Thu 17th December 20:00 CET The place is #openvpn-meeting IRC channel at Freenode. Meeting agendas and

Re: [Openvpn-devel] [PATCH 1/2 v2] tls-crypt-v2: fix server memory leak

2020-12-03 Thread Antonio Quartulli
Hi, On 03/12/2020 19:22, Steffan Karger wrote: > tls-crypt-v2 was developed in parallel with the changes that allowed to > use tls-auth/tls-crypt in connection blocks. The tls-crypt-v2 patch set > was never updated to the new reality after commit 5817b49b, causing a > memory leak of about 600

[Openvpn-devel] [PATCH 1/2 v2] tls-crypt-v2: fix server memory leak

2020-12-03 Thread Steffan Karger
tls-crypt-v2 was developed in parallel with the changes that allowed to use tls-auth/tls-crypt in connection blocks. The tls-crypt-v2 patch set was never updated to the new reality after commit 5817b49b, causing a memory leak of about 600 bytes for each connecting client. It would be nicer to not

Re: [Openvpn-devel] [PATCH 1/2] tls-crypt-v2: fix server memory leak

2020-12-03 Thread Antonio Quartulli
Hi Steffan, On 03/12/2020 16:49, Steffan Karger wrote: > diff --git a/src/openvpn/init.c b/src/openvpn/init.c > index 27a4170d..5cde8a4b 100644 > --- a/src/openvpn/init.c > +++ b/src/openvpn/init.c > @@ -3619,6 +3619,7 @@ do_close_free_key_schedule(struct context *c, bool > free_ssl_ctx) >

Re: [Openvpn-devel] [PATCH 2/2] tls-crypt-v2: also preload tls-crypt-v2 keys (if --persist-key)

2020-12-03 Thread Arne Schwabe
On 03.12.20 at 16:49, Steffan Karger wrote: > This allows tls-crypt-v2 servers to drop privileges after reading the > keys. Without it, the server would try to read the key file for each > connecting client. (And clients for each reconnect.) > > As with the previous patch, the pre-loading was

[Openvpn-devel] [PATCH 2/2] tls-crypt-v2: also preload tls-crypt-v2 keys (if --persist-key)

2020-12-03 Thread Steffan Karger
This allows tls-crypt-v2 servers to drop privileges after reading the keys. Without it, the server would try to read the key file for each connecting client. (And clients for each reconnect.) As with the previous patch, the pre-loading was developed in parallel with tls-crypt-v2, and the

[Openvpn-devel] [PATCH 1/2] tls-crypt-v2: fix server memory leak

2020-12-03 Thread Steffan Karger
tls-crypt-v2 was developed in parallel with the changes that allowed to use tls-auth/tls-crypt in connection blocks. The tls-crypt-v2 patch set was never updated to the new reality after commit 5817b49b, causing a memory leak of about 600 bytes for each connecting client. It would be nicer to not

Re: [Openvpn-devel] [PATCH v2] Fix port-share option with TLS-Crypt v2

2020-12-03 Thread Steffan Karger
Hi, On 30-11-2020 13:38, Arne Schwabe wrote: > The port-share option assumed that all openvpn initial reset packets > are between 14 and 255 bytes long. This is not true for tls-crypt-v2. > > Patch V2: use correct length for TLS-Crypt v2, use length variable > non-tlscryptv2 test > >

Re: [Openvpn-devel] [PATCH] Support for wolfSSL in OpenVPN

2020-12-03 Thread Arne Schwabe
On 03.12.20 at 14:32, Juliusz Sosinowicz wrote: > Hi Arne, > > I didn't send a new patch yet because I only wanted to provide an update > that progress is being made. I'm attaching an updated patch if you are > interested. > > I didn't get that error when compiling wolfSSL with the compile

Re: [Openvpn-devel] [PATCH] Support for wolfSSL in OpenVPN

2020-12-03 Thread Juliusz Sosinowicz
Hi Arne, I didn't send a new patch yet because I only wanted to provide an update that progress is being made. I'm attaching an updated patch if you are interested. I didn't get that error when compiling wolfSSL with the compile options you provided. Is it possible that you didn't run

Re: [Openvpn-devel] [PATCH] Support for wolfSSL in OpenVPN

2020-12-03 Thread Arne Schwabe
On 19.11.20 at 13:23, Juliusz Sosinowicz wrote: > Hi Arne, > > some time has passed and I was able to address most of your comments in > my branch > https://github.com/julek-wolfssl/wolfssl/tree/openvpn-2.5-missing-stuff > > To summarize what has been done regarding your comments: > > * SHA1