id: 1460
summary: Bug in openssl3 provider support
reporter: baentsch
owner: Selva Nair
type: Bug / Defect
status: closed
priority: major
milestone: release 2.6
component: Crypto
version:
severity: Not set (select this one, unless your'e a OpenVPN developer)
resolution: fixed
keywords:
cc: plaisthos

description:

The use of the function "SSL_CTX_set1_groups" in the implementation of https://github.com/OpenVPN/openvpn/blob/2612125d7cf5e3c8687a3fab8fba61670ac12f35/src/openvpn/ssl_openssl.c#L572 does not adhere to/is not permitted in the presence of OpenSSL3 providers as per the OpenSSL documentation (https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set1_groups.html):

"A number of these functions identify groups via a unique integer NID value. However, support for some groups may be added by external providers. In this case there will be no NID assigned for the group. When setting such groups applications should use the "list" form of these functions (i.e. SSL_CTX_set1_groups_list() and SSL_set1_groups_list)."

The concrete use case: TLS1.3 group names of quantum-safe KEM algorithms are rejected by this OpenVPN function even though they are perfectly valid and implemented in the [oqsprovider](https://github.com/open-quantum-safe/oqs-provider)