Opened 17 months ago

Closed 4 months ago

#1116 closed Feature Wish (fixed)

TLS 1.3 / openssl 1.1.1

Reported by: sonuser Owned by: Steffan Karger
Priority: major Milestone: release 2.4.6
Component: Crypto Version:
Severity: Not set (select this one, unless your'e a OpenVPN developer) Keywords:
Cc:

Description

Since TLSv1.3 has a RFC doc now (https://tools.ietf.org/html/rfc8446) and openssl released version 1.1.1 with TLS 1.3 support, will OpenVPN also get TLS 1.3 / the new openssl Version?

https://github.com/openssl/openssl/releases/tag/OpenSSL_1_1_1
https://wiki.openssl.org/index.php/TLS1.3

Also openssl 1.1.1 is LTS now and they say "Since 1.1.1 is our new LTS release we are strongly advising all users to upgrade as soon as possible." in their post here: https://www.openssl.org/blog/blog/2018/09/11/release111/

Change History (3)

comment:1 Changed 17 months ago by tincantech

cc

comment:2 Changed 4 months ago by Gert Döring

Milestone: release 2.4.7release 2.4.9

OpenVPN supports compilation with OpenSSL 1.1.1 just fine now. So the feature request has been fulfilled :-)

What is missing is "build windows installers with 1.1.1" but I understand that this is just pending management-external-key adjustments (padding) which are in queue from plaisthos.

comment:3 Changed 4 months ago by Steffan Karger

Milestone: release 2.4.9release 2.4.6
Resolution: fixed
Status: newclosed

Although some corner cases around using external signatures (pkcs11, cryptoapi, management-external-key) might not yet work with TLS 1.3, all the common use cases are supported.

Closing this ticket :)

Note: See TracTickets for help on using tickets.