On 06.04.21 at 13:51, Antonio Quartulli wrote:
> Hi,
>
> On 06/04/2021 13:14, Gert Doering wrote:
>> Now... what *is* the oldest mbedtls version we should reasonably support?
>>
>> For OpenSSL, we're stuck to 1.0.2 for the time being as that's still
>> the primary (and bugfix-backported) version on FreeBSD 11 and on RHEL
>> versions still supported. For mbedTLS I have no idea.
>
> Good question. I was wondering the same.
>
> Debian 10 (stable) is on mbedtls-2.16.0
> CentOS 8 is on mbedtls-2.16.9
> Fedora EPEL 8 (and up to Fedora 35) is on mbedtls-2.16.9
>
> ** Ubuntu 18.04 is on mbedtls-2.8.0 **
> Ubuntu 20.04 is on mbedtls-2.16.4
>
> At this point I believe that assuming mbedtls >= 2.16.0 is meaningful.
>
> Distros shipping something older are probably not going to ship a recent
> OpenVPN either.
>
> Opinions?
>

If we adjust the minimum mbed TLS version, we should also change the check
in configure.ac that checks for the minimum version.

mbed TLS 2.16.0 was released at the end of 2018, so that version is "only" a
bit over two years old. Currently mbed TLS 2.7 is still a supported LTS
release, so if it is not too much effort, I think we should still support it.

Arne

_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel