Hi,

On 13/11/17 00:36, Steffan Karger wrote:
> From: Steffan Karger <[email protected]>
>
> This allows the user to specify what certificate crypto algorithms to
> support. The supported profiles are 'preferred', 'legacy' (default) and
> 'suiteb', as discussed in <[email protected]>
> (https://www.mail-archive.com/[email protected]/msg14214.html).
>
> This fully implements the feature for mbed TLS builds, because for mbed it
> is both more easy to implement and the most relevant because mbed TLS 2+
> is by default somewhat restrictive by requiring 2048-bit+ for RSA keys.
>
> For OpenSSL, this implements an approximation based on security levels, as
> discussed at the hackathon in Karlsruhe.
>
> This patch uses 'legacy' as the default profile following discussion on
> the openvpn-devel mailing list. This way this patch can be applied to
> both the release/2.4 and master branches. I'll send a follow-up patch for
> the master branch to change the default to 'preferred' later.
>
> Signed-off-by: Steffan Karger <[email protected]>

Code looks good, but the commit subject is now wrong, because this patch is actually implementing cert profiles for both mbedTLS and OpenSSL. So I ACK it, but the committer should fix the subject for the sake of clarity.

I have tested the patch with mbedTLS and with OpenSSL 1.0, but not with OpenSSL 1.1.

Acked-by: Antonio Quartulli <[email protected]>

--
Antonio Quartulli
