Re: [Openvpn-devel] [PATCH] Replace deprecated mbedtls DRBG update function

2021-08-11 Thread Gert Doering
Hi, On Tue, Aug 10, 2021 at 08:16:44AM +0200, Max Fillinger wrote: > The function mbedtls_ctr_drbg_update is deprecated as of mbedtls 2.16 > and is superseded by mbedtls_ctr_drbg_update_ret, which returns an error > code. This commit replaces the call to the deprecated function with the > new one

[Openvpn-devel] Summary of the community meeting (11th August 2021)

2021-08-11 Thread Samuli Seppänen
Hi, Here's the summary of the IRC meeting. --- COMMUNITY MEETING Place: #openvpn-meeting on libera.chat Date: Wed 11th August 2021 Time: 14:00 CET (12:00 UTC) Planned meeting topics for this meeting were here: Your local meeting

Re: [Openvpn-devel] [PATCH v3] Modernise OpenVPN defaults and introduce '--compat-mode'

2021-08-11 Thread tincantech via Openvpn-devel
Hi, a few more wrinkles to smooth out. Sent with ProtonMail Secure Email. ‐‐‐ Original Message ‐‐‐ On Wednesday, August 11th, 2021 at 08:29, Antonio Quartulli wrote: > Hi, > > On 05/08/2021 20:09, Arne Schwabe wrote: > > TLS 1.0 shoul

Re: [Openvpn-devel] [PATCH v3] Modernise OpenVPN defaults and introduce '--compat-mode'

2021-08-11 Thread Antonio Quartulli
Hi, On 11/08/2021 14:52, Gert Doering wrote: > Hi, > > On Wed, Aug 11, 2021 at 09:29:22AM +0200, Antonio Quartulli wrote: >> Wouldn't it be better to have one patch of reach default behaviour being >> charged with a concise but focused explanation as to why that default is >> being changed? >> >>

Re: [Openvpn-devel] [PATCH v3] Modernise OpenVPN defaults and introduce '--compat-mode'

2021-08-11 Thread Gert Doering
Hi, On Wed, Aug 11, 2021 at 09:29:22AM +0200, Antonio Quartulli wrote: > Wouldn't it be better to have one patch of reach default behaviour being > charged with a concise but focused explanation as to why that default is > being changed? > > After those patches, then another patch could come in i

[Openvpn-devel] [PATCH applied] Re: Replace deprecated mbedtls DRBG update function

2021-08-11 Thread Gert Doering
I have only done a cursory look ("it's like v1 with the compat function"), and done a minimal test compile (Linux, mbedTLS 2.26.0, and FreeBSD, mbedTLS 2.16.11) + t_client test run. No surprises. Your patch has been applied to the master branch. commit b99fa3fd4fc41862354be709edb9877aae3e138c Au

Re: [Openvpn-devel] [PATCH] Replace deprecated mbedtls DRBG update function

2021-08-11 Thread Antonio Quartulli
Hi, On 10/08/2021 08:16, Max Fillinger wrote: > The function mbedtls_ctr_drbg_update is deprecated as of mbedtls 2.16 > and is superseded by mbedtls_ctr_drbg_update_ret, which returns an error > code. This commit replaces the call to the deprecated function with the > new one and logs a warning in

[Openvpn-devel] [PATCH] Remove support for PF (Packet Filter)

2021-08-11 Thread Antonio Quartulli
OpenVPN shipped a small packet filtering tool called PF. It has never been straightforward as it required a plugin to work. On top of that, keeping PF support makes the code more complicated and increases the maintenance cost of OpenVPN. PF itself is not actually maintained at all and there is li

Re: [Openvpn-devel] [PATCH v3] Modernise OpenVPN defaults and introduce '--compat-mode'

2021-08-11 Thread Antonio Quartulli
Hi, On 05/08/2021 20:09, Arne Schwabe wrote: > TLS 1.0 should not be allowed anymore in a sensible default configuration. > Bump the default to TLS 1.2 > Also modify --cipher not to be automatically appended and default > allow-compression to no. This also allows a default configuration to be > co