#1116 closed Feature Wish (fixed)
TLS 1.3 / openssl 1.1.1
| Reported by: | sonuser | Owned by: | Steffan Karger |
|---|---|---|---|
| Priority: | major | Milestone: | release 2.4.6 |
| Component: | Crypto | Version: | |
| Severity: | Not set (select this one, unless your'e a OpenVPN developer) | Keywords: | |
| Cc: |
Description
Since TLSv1.3 has a RFC doc now (https://tools.ietf.org/html/rfc8446) and openssl released version 1.1.1 with TLS 1.3 support, will OpenVPN also get TLS 1.3 / the new openssl Version?
https://github.com/openssl/openssl/releases/tag/OpenSSL_1_1_1
https://wiki.openssl.org/index.php/TLS1.3
Also openssl 1.1.1 is LTS now and they say "Since 1.1.1 is our new LTS release we are strongly advising all users to upgrade as soon as possible." in their post here: https://www.openssl.org/blog/blog/2018/09/11/release111/
Change History (4)
comment:1 Changed 6 years ago by
comment:2 Changed 4 years ago by
| Milestone: | release 2.4.7 → release 2.4.9 |
|---|
OpenVPN supports compilation with OpenSSL 1.1.1 just fine now. So the feature request has been fulfilled :-)
What is missing is "build windows installers with 1.1.1" but I understand that this is just pending management-external-key adjustments (padding) which are in queue from plaisthos.
comment:3 Changed 4 years ago by
| Milestone: | release 2.4.9 → release 2.4.6 |
|---|---|
| Resolution: | → fixed |
| Status: | new → closed |
Although some corner cases around using external signatures (pkcs11, cryptoapi, management-external-key) might not yet work with TLS 1.3, all the common use cases are supported.
Closing this ticket :)
comment:4 Changed 3 years ago by
Padding support for TLS 1.3 with external signatures:
pkcs11: required update to pkcs11-helper library v1.26+ (included since v2.4.10 and v2.5.0 Windows builds)
cryptoapi: via CNG in OpenVPN 2.5
management-external-key: new protocol version with OpenVPN 2.5
cc