Changes between Version 2 and Version 3 of Topics-2023-12-06


Timestamp:
12/06/23 12:54:55 (5 months ago)
Author:
novaflash
Comment:

--

  • Topics-2023-12-06

    v2 v3  
    1010* **New: spam on forums.**\\
    1111  ''It just keeps coming. We need a solution.''\\
     12  ''asked pippin_ if he could maybe get attention from ecrist to try and solve this.''\\
    1213
    1314* **Updated: Website release process woes**\\
     
    1516  ''But there is a release freeze planned for last weeks of December so we may not actually get it this year.''\\
    1617
    17 * **Publish security assessment of OpenVPN2 on main website.**\\
    18   ''Trail of Bits security audit of OpenVPN2 published: https://openvpn.net/blog/trail-of-bits/ ''\\
     18* **Updated: TLS 1.0 PRF problem**\\
     19  ''A patch for this has been created and it needs reviews.'\\ 
    1920
    20 * **TLS 1.0 PRF problem**\\
    21   ''OpenVPN has used a scheme based on the TLS 1.0 PRF with MD5+SHA1 in the past. Since OpenVPN 2.6.0+ and 3.6.0+ using Keying Material Exporters (RFC 5705) is preferrred as modern alternative to that.''
    22   ''If one or both sides are older versions of OpenVPN like 2.5 and use the older method of making key material, there can be a problem.''\\
    23   ''For example on platforms like RHEL9 with FIPS enabled, you cannot use TLS 1.0 PRF with MD5+SHA1. So even for these special cases MD5 has become impossible in this particular situation.''\\
    24   ''As a practical example, this means OpenVPN 2.5 on RHEL9 with FIPS enabled cannot work at all. But 2.6 does work because it uses TLS export, but only if the other side supports TLS export too.''\\
    25   ''We should first of all document this. But second, having a self-test in OpenVPN that warns of this situation can be beneficial.''\\ 
    26 
    27 * **License amendment for OpenVPN2 to solve openssl/mbedtls licensing issues**\\
     21* **Updated: License amendment for OpenVPN2 to solve openssl/mbedtls licensing issues**\\
    2822  ''For new contributions the new license already applies.''\\
    29   ''The --tls-export-cert option needs to be removed, and reimplemented. dazo sent in the patch to remove it, plaisthos will reimplement it.''\\
     23  ''The --tls-export-cert code was removed, and plaisthos will reimplement it.''\\
    3024  ''Then it is up to dazo to review things so we can work on finalizing this.''\\
    3125  ''One of the last tasks is reviewing if remaining items are trivial patches, and maybe get legal advice on those if necessary.''\\
     26
     27* **New: OpenVPN 2.6.9 release**\\
     28  ''After --export-peer-cert/--tls-export-cert issue is clarified and code merged, we feel we're ready for a new release.''\\
     29  ''Tentatively next week.''\\
    3230
    3331* **Donations for OpenVPN community**\\
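Review bot: the updated TLS 1.0 PRF entry (v3 lines 18-19) drops the whole explanation from v2 lines 20-25, so the page no longer says what the problem is (TLS 1.0 PRF with MD5+SHA1 being unusable on RHEL9 with FIPS enabled, and 2.6 working only when the other side also supports TLS export) or which patch is waiting for review. Suggest keeping a one-line summary of the problem or a link to the earlier revision, and pointing at the patch so reviewers can find it. Separately, v3 line 19 closes its italics with a single ' before \\ instead of '', which leaves the markup unbalanced.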
     
    5351  ''company will send this to tech writer to redo based on https://github.com/OpenVPN/openvpn/blob/master/doc/man-sections/example-fingerprint.rst info\\and also retain a link to that github doc.\\having a simple guide online will help adoption''\\
    5452
    55 * **openvpn release process topics**\\''there was a request in https://github.com/OpenVPN/openvpn/issues/397 to have releases on github as well.\\djpig seems to think it would be fairly doable to copy/paste that info to github as well.\\we could do this during a next release.''
    56 
    5753* **OpenVPN 2.6 performance results.**\\''tests should cover: gre, ipsec, userland, dco\\linux, freebsd, windows\\requires time to be dedicated to doing this\\when time available will do it''
    5854
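Review bot: v2 line 55 (the request in issue 397 to also publish releases on GitHub) is removed without recording an outcome, although its own text says this could be done during a next release. Since this revision also adds an OpenVPN 2.6.9 release entry, consider noting there whether the GitHub release request is being picked up, or keep the issue link so it is not lost.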