[Desktop-packages] [Bug 1849573] Re: No way to specify tls-version-min or tls-version-max, please include the config options in the GUI config panel.

Mon, 30 Mar 2020 01:11:49 -0700 

** Changed in: network-manager-openvpn
       Status: New => Fix Released

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to network-manager-openvpn in Ubuntu.
https://bugs.launchpad.net/bugs/1849573

Title:
  No way to specify tls-version-min or tls-version-max, please include
  the config options in the GUI config panel.

Status in NetworkManager-OpenVPN:
  Fix Released
Status in network-manager-openvpn package in Ubuntu:
  Fix Released

Bug description:
  The OpenVPN plugin for Network Manager does not have any mechanisms to
  interpret tls-version-{min,max} directives for OpenVPN.

  In Debian upstream, especially in Buster and Unstable, they disable
  TLS 1.0, 1.1, and 1.2 by default and use only TLS 1.3 by default.
  Therefore, with OpenVPN servers that only use TLS 1.2 or older, it is
  impossible to establish a tunnel to those locations *unless* you
  specify tls-version-{min,max} in the configurations.

  This can be done in OVPN files for OpenVPN directly, but there is
  currently no mechanism to do this in the GUI.

  This is tracked in Debian https://bugs.debian.org/cgi-
  bin/bugreport.cgi?bug=933177 as the original cause for TLS 1.3
  support, but if Ubuntu ever defaults OpenSSL to not have TLS 1.0-1.2
  support enabled by default, we will be out of luck.

  Upstream, GNOME has not yet merged a merge request which would add
  this option to the GUI: https://gitlab.gnome.org/GNOME/NetworkManager-
  openvpn/merge_requests/15

  Testing in Debian, the patch works against NetworkManager OpenVPN
  there.  I am currently testing these in Focal, Eoan, and Bionic to see
  if this is something we can possibly include at a future date to fix
  this issue long-term.

  In the interim, this tracks the request to get these features in.

To manage notifications about this bug go to:
https://bugs.launchpad.net/network-manager-openvpn/+bug/1849573/+subscriptions

-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to     : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to