Hi,

Thanks for taking this to the openvpn-devel list.

The proposed patch doesn't follow our approach of hiding the openssl
1.0/1.1 API compatibility mess inside openssl_compat.h, so we'll have to
rework it before including it.  I will pick this up some time soon, but
have very limited access to internet (nor time to hack on openvpn)
currently, so it might take me a few weeks.  But there won't be a
release before that time anyway, and in the meantime users that are
really caught by this can put "@SECLEVEL=1" inside their --tls-cipher to
work around this if I understand the docs correctly [0].

@Kurt: for future reference, how are we supposed to be aware of these
kinds of deprecated functions, and how do we know what The New Right Way
is?  https://wiki.openssl.org/index.php/OpenSSL_1.1.0_Changes for
example does not mention this at all.

-Steffan

[0]
https://www.openssl.org/docs/man1.1.0/ssl/SSL_CTX_get_security_level.html

On 04-10-17 16:38, Bernhard Schmidt wrote:
> Hi,
> 
> in https://bugs.debian.org/873302 Kurt Roeckx (Debian OpenSSL
> maintainer) submitted a patch for OpenVPN to properly set the minimum
> and maximum TLS version. On Debian Buster (current development) OpenSSL
> 1.1 defaults to TLSv1.2+ only.
> 
> I'm unwilling to carry crypto specific patches in Debian. Can anyone
> make some sense out of this and apply the patch if possible?
> 
> Please keep Kurt CCed and direct any questions to him.
> 
> Bernhard
> 
> _______________________________________________
> Openvpn-devel mailing list
> Openvpn-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/openvpn-devel
> 
