Hello.
I have just build openvpn with openvpn-build with these versions:
OPENSSL_VERSION="${OPENSSL_VERSION:-1.0.2k}"
PKCS11_HELPER_VERSION="${PKCS11_HELPER_VERSION:-1.11}"
LZO_VERSION="${LZO_VERSION:-2.10}"
TAP_WINDOWS_VERSION="${TAP_WINDOWS_VERSION:-9.21.2}"
OPENVPN_VERSION="${OPENVPN_VERSION:-2.4.1}"
OPENVPN_GUI_VERSION="${OPENVPN_GUI_VERSION:-11}"Compilation success, no problem. i modified openssl.cnf to include engine gost. openssl_conf = openssl_def [ openssl_def ] engines = engine_section [ engine_section ] gost = gost_section [gost_section] default_algorithms=ALL engine_id=gost openssl ciphers | tr ":" "\n" | grep GOST GOST2001-GOST89-GOST89 GOST94-GOST89-GOST89 openssl list-message-digest-algorithms | grep gost gost-mac md_gost94 gost-mac md_gost94 openssl shows me GOST. ------ gost-server.ovpn ----- dev tap engine gost auth gost-mac cipher gost89 tls-cipher GOST2001-GOST89-GOST89 #comp-lzo yes ca ca.crt cert server.crt key server.key dh dhparam.pem server 10.0.0.0 255.255.255.0 keepalive 10 120 proto tcp socket-flags TCP_NODELAY persist-key persist-tun openvpn gost-server.ovpn says me -- Initializing OpenSSL support for engine 'gost' -- Deprecated TLS cipher name 'GOST2001-GOST89-GOST89', please use IANA name 'TLS_GOSTR341001_WITH_28147_CNT_IMIT' -- OpenSSL: error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match -- Failed to set restricted TLS cipher list: GOST2001-GOST89-GOST89 -- Exiting due to fatal error Please help with this problem
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
