Opened 23 months ago

Closed 9 months ago

#1116 closed Feature Wish (fixed)

TLS 1.3 / openssl 1.1.1

Reported by: sonuser Owned by: Steffan Karger
Priority: major Milestone: release 2.4.6
Component: Crypto Version:
Severity: Not set (select this one, unless your'e a OpenVPN developer) Keywords:


Since TLSv1.3 has a RFC doc now ( and openssl released version 1.1.1 with TLS 1.3 support, will OpenVPN also get TLS 1.3 / the new openssl Version?

Also openssl 1.1.1 is LTS now and they say "Since 1.1.1 is our new LTS release we are strongly advising all users to upgrade as soon as possible." in their post here:

Change History (3)

comment:1 Changed 23 months ago by tincantech


comment:2 Changed 9 months ago by Gert Döring

Milestone: release 2.4.7release 2.4.9

OpenVPN supports compilation with OpenSSL 1.1.1 just fine now. So the feature request has been fulfilled :-)

What is missing is "build windows installers with 1.1.1" but I understand that this is just pending management-external-key adjustments (padding) which are in queue from plaisthos.

comment:3 Changed 9 months ago by Steffan Karger

Milestone: release 2.4.9release 2.4.6
Resolution: fixed
Status: newclosed

Although some corner cases around using external signatures (pkcs11, cryptoapi, management-external-key) might not yet work with TLS 1.3, all the common use cases are supported.

Closing this ticket :)

Note: See TracTickets for help on using tickets.