Re: [Openvpn-devel] [PATCH] Use SHA256 for the internal digest, instead of MD5

2017-01-22 Thread Steffan Karger
Hi, On 20-01-17 23:01, David Sommerseth wrote: > This actually tries to revert commit ec4dff3bbdcc9fedf7844 ... which is > quite surprising. > > [...snip...] > > And this too is also a revert of the same commit as above. > > Had it been just a simple rebase, I'd be willing to tackle that >

Re: [Openvpn-devel] [PATCH] Use SHA256 for the internal digest, instead of MD5

2016-12-26 Thread David Sommerseth
On 26/12/16 00:20, Steffan Karger wrote: > Hi, > > On 18-12-16 22:26, Gert Doering wrote: >> On Sun, Dec 18, 2016 at 05:40:55PM +0100, Steffan Karger wrote: >>> Our internal options digest uses MD5 hashes to store the state, instead of >>> storing the full options string. There's nothing wrong

Re: [Openvpn-devel] [PATCH] Use SHA256 for the internal digest, instead of MD5

2016-12-26 Thread Arne Schwabe
On 26.12.16 at 08:05, Gert Doering wrote: > Hi, > > On Mon, Dec 26, 2016 at 12:20:53AM +0100, Steffan Karger wrote: >> The oldest OpenSSL we support in release/2.4 and master is 0.9.8, and >> has SHA256 support (was introduced in 2004). Also, the --tls-crypt >> feature already unconditionally

Re: [Openvpn-devel] [PATCH] Use SHA256 for the internal digest, instead of MD5

2016-12-26 Thread Arne Schwabe
On 26.12.16 at 09:14, Steffan Karger wrote: > openssl dgst -sha256 works for me
[9:37]{SIGINT}arne@styx:~% openssl version
OpenSSL 0.9.8zh 14 Jan 2016
[9:37]arne@styx:~% openssl dgst -sha256
abcd^D
fc4b5fd6816f75a7c81fc8eaa9499d6a299bd803397166e8c4cf9280b801d62c
[9:37]arne@styx:~%
But anyway.

Re: [Openvpn-devel] [PATCH] Use SHA256 for the internal digest, instead of MD5

2016-12-26 Thread Steffan Karger
On 26 December 2016 at 04:18, Jonathan K. Bullard wrote: > The OpenSSL included in macOS (was OS X) 10.11 and 10.12 (the two > most recent versions) is 0.9.8zh (an Apple-patched version) and as far > as I can tell, it does not seem to include SHA256 (i.e., "openssl sha1 >

Re: [Openvpn-devel] [PATCH] Use SHA256 for the internal digest, instead of MD5

2016-12-26 Thread Gert Doering
Hi, On Mon, Dec 26, 2016 at 12:20:53AM +0100, Steffan Karger wrote: > The oldest OpenSSL we support in release/2.4 and master is 0.9.8, and > has SHA256 support (was introduced in 2004). Also, the --tls-crypt > feature already unconditionally requires SHA256 to be available. Good enough for me.

Re: [Openvpn-devel] [PATCH] Use SHA256 for the internal digest, instead of MD5

2016-12-25 Thread Jonathan K. Bullard
On Sun, Dec 25, 2016 at 6:20 PM, Steffan Karger wrote: > Hi, > > On 18-12-16 22:26, Gert Doering wrote: >> On Sun, Dec 18, 2016 at 05:40:55PM +0100, Steffan Karger wrote: >>> Our internal options digest uses MD5 hashes to store the state, instead of >>> storing the full options

Re: [Openvpn-devel] [PATCH] Use SHA256 for the internal digest, instead of MD5

2016-12-25 Thread Steffan Karger
Hi, On 18-12-16 22:26, Gert Doering wrote: > On Sun, Dec 18, 2016 at 05:40:55PM +0100, Steffan Karger wrote: >> Our internal options digest uses MD5 hashes to store the state, instead of >> storing the full options string. There's nothing wrong with that, but it >> would still be better to use

Re: [Openvpn-devel] [PATCH] Use SHA256 for the internal digest, instead of MD5

2016-12-18 Thread Gert Doering
Hi, On Sun, Dec 18, 2016 at 05:40:55PM +0100, Steffan Karger wrote: > Our internal options digest uses MD5 hashes to store the state, instead of > storing the full options string. There's nothing wrong with that, but it > would still be better to use SHA256 because: > * That makes it easier to

[Openvpn-devel] [PATCH] Use SHA256 for the internal digest, instead of MD5

2016-12-18 Thread Steffan Karger
Our internal options digest uses MD5 hashes to store the state, instead of storing the full options string. There's nothing wrong with that, but it would still be better to use SHA256 because: * That makes it easier to make OpenVPN "FIPS-compliant" (forbids MD5) * We don't have to explain