[Openvpn-devel] [PATCH v2 2/2] TLS v1.2 support for cryptoapicert -- RSA only

2018-01-19 Thread selva . nair
From: Selva Nair - If an NCRYPT handle for the private key can be obtained, use NCryptSignHash from the Cryptography NG API to sign the hash. This should work for all keys in the Windows certificate stores but may fail for keys in a legacy token, for example. In such cases, we disable TLS

[Openvpn-devel] [PATCH] Add SSL_CTX_get_max_proto_version() not in openssl 1.0

2018-01-19 Thread selva . nair
From: Selva Nair - No change in functionality. This is used in a subsequent patch for extending TLS1.2 support with cryptoapicert Signed-off-by: Selva Nair --- src/openvpn/openssl_compat.h | 23 +++ 1 file changed, 23 insertions(+) diff --git a/src/openvpn/openssl_compat

Re: [Openvpn-devel] [PATCH 1/3 v4] Fix --tls-version-min and --tls-version-max for OpenSSL 1.1+

2018-01-19 Thread fragmentux
hello On 19/01/18 21:58, Selva Nair wrote: Hi, Thanks for last and final v4 :) On Fri, Jan 19, 2018 at 4:27 PM, Steffan Karger wrote: As described in <80e6b449-c536-dc87-7215-3693872bc...@birkenwald.de> on the openvpn-devel mailing list, --tls-version-min no longer works with OpenSSL 1.1.

Re: [Openvpn-devel] [PATCH 1/3 v4] Fix --tls-version-min and --tls-version-max for OpenSSL 1.1+

2018-01-19 Thread Selva Nair
Hi, Thanks for last and final v4 :) On Fri, Jan 19, 2018 at 4:27 PM, Steffan Karger wrote: > As described in <80e6b449-c536-dc87-7215-3693872bc...@birkenwald.de> on > the openvpn-devel mailing list, --tls-version-min no longer works with > OpenSSL 1.1. Kurt Roeckx posted in a debian bug report

[Openvpn-devel] [PATCH 1/3 v4] Fix --tls-version-min and --tls-version-max for OpenSSL 1.1+

2018-01-19 Thread Steffan Karger
As described in <80e6b449-c536-dc87-7215-3693872bc...@birkenwald.de> on the openvpn-devel mailing list, --tls-version-min no longer works with OpenSSL 1.1. Kurt Roeckx posted in a debian bug report: "This is marked as important because if you switch to openssl 1.1.0 the defaults minimum version i

Re: [Openvpn-devel] [PATCH 1/3 v3] Fix --tls-version-min and --tls-version-max for OpenSSL 1.1+

2018-01-19 Thread Steffan Karger
Hi, On 19-01-18 21:56, Selva Nair wrote: > Thanks for the v3. > > All good except (sorry to say that :) > > The compat versions of SSL_CTX_get_max_proto_version and its min counterpart > should return a long or int not void. Assuming we want to continue > supporting > openssl 1.0. > > This was

Re: [Openvpn-devel] [PATCH 1/3 v3] Fix --tls-version-min and --tls-version-max for OpenSSL 1.1+

2018-01-19 Thread Selva Nair
Hi, Thanks for the v3. All good except (sorry to say that :) The compat versions of SSL_CTX_get_max_proto_version and its min counterpart should return a long or int not void. Assuming we want to continue supporting openssl 1.0. This was not an issue earlier when return value was not checked. A

[Openvpn-devel] [PATCH 1/3 v3] Fix --tls-version-min and --tls-version-max for OpenSSL 1.1+

2018-01-19 Thread Steffan Karger
As described in <80e6b449-c536-dc87-7215-3693872bc...@birkenwald.de> on the openvpn-devel mailing list, --tls-version-min no longer works with OpenSSL 1.1. Kurt Roeckx posted in a debian bug report: "This is marked as important because if you switch to openssl 1.1.0 the defaults minimum version i

Re: [Openvpn-devel] [PATCH 1/3 v2] Fix --tls-version-min and --tls-version-max for OpenSSL 1.1+

2018-01-19 Thread Steffan Karger
Hi, On 19-01-18 19:05, Selva Nair wrote: > The patch is good except for some issues that are easy to fix: > > On Sat, Dec 30, 2017 at 6:02 AM, Steffan Karger wrote: >> As described in <80e6b449-c536-dc87-7215-3693872bc...@birkenwald.de> on >> the openvpn-devel mailing list, --tls-version-min no

Re: [Openvpn-devel] [PATCH 1/3 v2] Fix --tls-version-min and --tls-version-max for OpenSSL 1.1+

2018-01-19 Thread Selva Nair
Hi, The patch is good except for some issues that are easy to fix: On Sat, Dec 30, 2017 at 6:02 AM, Steffan Karger wrote: > As described in <80e6b449-c536-dc87-7215-3693872bc...@birkenwald.de> on > the openvpn-devel mailing list, --tls-version-min no longer works with > OpenSSL 1.1. Kurt Roeckx