[Openvpn-devel] Community meetings in June 2020

Hi, Our community meetings will alternate between Wed 11:30 CET and Thu 20:00 CET. Next meetings have been scheduled to - Thu 4th June 20:00 CET - Wed 10th June 11:30 CET - Thu 18th June 20:00 CET - Wed 24th June 11:30 CET The place is #openvpn-meeting IRC channel at Freenode. Meeting agendas a

[Openvpn-devel] Summary of the community meeting (4th June 2020)

Hi, Here's the summary of the IRC meeting. --- COMMUNITY MEETING Place: #openvpn-meeting on irc.freenode.net Date: Thu 4th June 2020 Time: 20:00 CEST (18:00 UTC) Planned meeting topics for this meeting were here: Your local meeti

Re: [Openvpn-devel] [PATCH v2 3/3] Implement tls-groups option to specify eliptic curves/groups

Hi, On 16/04/2020 17:26, Arne Schwabe wrote: > By default OpenSSL 1.1+ only allows signatures and ecdh/ecdhx from the > default list of X25519:secp256r1:X448:secp521r1:secp384r1. In > TLS1.3 key exchange is independent from the signature/key of the > certificates, so allowing all groups per defaul

Re: [Openvpn-devel] [PATCH v2 3/3] Implement tls-groups option to specify eliptic curves/groups

>> The default for \-\-tls\-ciphersuites is to use the crypto library's >> default. >> .\"* >> .TP >> +.B \-\-tls\-groups l >> +A list >> +.B l >> +of allowable groups/curves in order of preference. > ^^^ shouldn't this be "allowed"

[Openvpn-devel] [PATCH v3 3/3] Implement tls-groups option to specify eliptic curves/groups

By default OpenSSL 1.1+ only allows signatures and ecdh/ecdhx from the default list of X25519:secp256r1:X448:secp521r1:secp384r1. In TLS1.3 key exchange is independent from the signature/key of the certificates, so allowing all groups per default is not a sensible choice anymore and instead a short

Re: [Openvpn-devel] [BUG] test_ncp.c failing

Am 29.05.20 um 01:46 schrieb James Bottomley: > I'm getting this failure of test_ncp.c > > [ RUN ] test_check_ncp_ciphers_list > [ ERROR ] --- 0x7d67e8 != 0 > [ LINE ] --- test_ncp.c:65: error: Failure! > [ FAILED ] test_check_ncp_ciphers_list > > I'm building under openssl-1.1.0i >

[Openvpn-devel] [PATCH v3 3/3] Implement tls-groups option to specify eliptic curves/groups

By default OpenSSL 1.1+ only allows signatures and ecdh/ecdhx from the default list of X25519:secp256r1:X448:secp521r1:secp384r1. In TLS1.3 key exchange is independent from the signature/key of the certificates, so allowing all groups per default is not a sensible choice anymore and instead a short

Re: [Openvpn-devel] [PATCH v3 3/3] Implement tls-groups option to specify eliptic curves/groups

Am 05.06.20 um 00:16 schrieb Arne Schwabe: Ignore this one, I made the patch, tested it, fixed it and forgot to copy it before sending it to the mailling list. Arne signature.asc Description: OpenPGP digital signature ___ Openvpn-devel mailing list

Re: [Openvpn-devel] [BUG] test_ncp.c failing

On Fri, 2020-06-05 at 00:37 +0200, Arne Schwabe wrote: > Am 29.05.20 um 01:46 schrieb James Bottomley: > > I'm getting this failure of test_ncp.c > > > > [ RUN ] test_check_ncp_ciphers_list > > [ ERROR ] --- 0x7d67e8 != 0 > > [ LINE ] --- test_ncp.c:65: error: Failure! > > [ FAILED ]

[Openvpn-devel] [PATCH v2] Add .git-blame-ignore-revs with reformat commits

This allows git blame to ignore reformatting changes and instead to show the previous commit that changed the line. To avoid manually building the list of commits this commit adds a file with a list of reformatting commits. I might have missed a few but this should be a good start. To use the file