Hi,
On 20-01-17 23:01, David Sommerseth wrote:
> This actually tries to revert commit ec4dff3bbdcc9fedf7844 ... which is
> quite surprising.
>
> [...snip...]
>
> And this too is also a revert of the same commit as above.
>
> Had it been just a simple rebase, I'd be willing to tackle that
> on-t
On 18/12/16 17:40, Steffan Karger wrote:
> Our internal options digest uses MD5 hashes to store the state, instead of
> storing the full options string. There's nothing wrong with that, but it
> would still be better to use SHA256 because:
> * That makes it easier to make OpenVPN "FIPS-compliant"
On 26/12/16 00:20, Steffan Karger wrote:
> Hi,
>
> On 18-12-16 22:26, Gert Doering wrote:
>> On Sun, Dec 18, 2016 at 05:40:55PM +0100, Steffan Karger wrote:
>>> Our internal options digest uses MD5 hashes to store the state, instead of
>>> storing the full options string. There's nothing wrong wi
Am 26.12.16 um 08:05 schrieb Gert Doering:
> Hi,
>
> On Mon, Dec 26, 2016 at 12:20:53AM +0100, Steffan Karger wrote:
>> The oldest OpenSSL we support in release/2.4 and master is 0.9.8, and
>> has SHA256 support (was introduced in 2004). Also, the --tls-crypt
>> feature already unconditionally re
Am 26.12.16 um 09:14 schrieb Steffan Karger:
> openssl dgst -sha256
works for me
[9:37]{SIGINT}arne@styx:~% openssl version
OpenSSL 0.9.8zh 14 Jan 2016
[9:37]arne@styx:~% openssl dgst -sha256
abcd^D
fc4b5fd6816f75a7c81fc8eaa9499d6a299bd803397166e8c4cf9280b801d62c
[9:37]arne@styx:~%
But anyway. I
On 26 December 2016 at 04:18, Jonathan K. Bullard wrote:
> The OpenSSL included in macOS (was OS X) 10.11 and 10.12 (the two
> most recent versions) is 0.9.8zh (an Apple-patched version) and as far
> as I can tell, it does not seem to include SHA256 (i.e., "openssl sha1
> foo" works but "openssl
Hi,
On Mon, Dec 26, 2016 at 12:20:53AM +0100, Steffan Karger wrote:
> The oldest OpenSSL we support in release/2.4 and master is 0.9.8, and
> has SHA256 support (was introduced in 2004). Also, the --tls-crypt
> feature already unconditionally requires SHA256 to be available.
Good enough for me.
On Sun, Dec 25, 2016 at 6:20 PM, Steffan Karger wrote:
> Hi,
>
> On 18-12-16 22:26, Gert Doering wrote:
>> On Sun, Dec 18, 2016 at 05:40:55PM +0100, Steffan Karger wrote:
>>> Our internal options digest uses MD5 hashes to store the state, instead of
>>> storing the full options string. There's no
Hi,
On 18-12-16 22:26, Gert Doering wrote:
> On Sun, Dec 18, 2016 at 05:40:55PM +0100, Steffan Karger wrote:
>> Our internal options digest uses MD5 hashes to store the state, instead of
>> storing the full options string. There's nothing wrong with that, but it
>> would still be better to use SH
Hi,
On Sun, Dec 18, 2016 at 05:40:55PM +0100, Steffan Karger wrote:
> Our internal options digest uses MD5 hashes to store the state, instead of
> storing the full options string. There's nothing wrong with that, but it
> would still be better to use SHA256 because:
> * That makes it easier to m
Our internal options digest uses MD5 hashes to store the state, instead of
storing the full options string. There's nothing wrong with that, but it
would still be better to use SHA256 because:
* That makes it easier to make OpenVPN "FIPS-compliant" (forbids MD5)
* We don't have to explain anymor
11 matches
Mail list logo