On Thu, Oct 21, 2021 at 5:42 AM Arne Schwabe <a...@rfc2549.org> wrote:

> > Apart from the wrong cipher type that Max pointed out, this call will
> > fail in OpenSSL 3.0 unless legacy is loaded, right? Causing a run-time
> > error in that case sounds good to me but a helpful error message like
> > legacy provider may be required or even a check whether legacy is loaded
> > and error out appropriately would be helpful.
> >
> > PS: can't we just get rid of the use of DES altogether?
> >
>
> As Gert pointed out, NTLM depends on it. We can trick a bit here
> with DES-EDE and three times the same key but yes it should have a
> better error message.
>

Oh, proxy with ntlm auth... That will have to live on for a while longer.

In that case we could load the legacy provider if http-proxy with auto,
auto-nct or ntlm is in options (in a separate patch), and can leave the
generic error message in this patch?

Selva
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
