Update OpenSSL to 1.1.1 for TLSv1.3 support #123

Closed
fkooman opened this issue Oct 11, 2019 · 1 comment
@fkooman fkooman commented Oct 11, 2019

Would it be possible to update the (embedded) OpenSSL to a version >= 1.1.1? This would bring TLSv1.3 support and Ed25519 support for keys in <cert>, <key> and <ca>.

I have a test server available with TLSv1.3 and Ed25519 key support if that helps!

@fkooman fkooman commented Nov 3, 2019

Seems to work great! Thanks!

Server log:

Nov 03 11:16:49 vpn-dev.tuxed.net openvpn[1082]: 93.135.12.46:49631 TLS: Initial packet from [AF_INET6]::ffff:93.135.12.46:49631, sid=df343c4e 30f33df4
Nov 03 11:16:49 vpn-dev.tuxed.net openvpn[1082]: 93.135.12.46:49631 VERIFY OK: depth=1, CN=VPN CA
Nov 03 11:16:49 vpn-dev.tuxed.net openvpn[1082]: 93.135.12.46:49631 VERIFY KU OK
Nov 03 11:16:49 vpn-dev.tuxed.net openvpn[1082]: 93.135.12.46:49631 Validating certificate extended key usage
Nov 03 11:16:49 vpn-dev.tuxed.net openvpn[1082]: 93.135.12.46:49631 ++ Certificate has EKU (str) TLS Web Client Authentication, expects TLS Web Client Authentication
Nov 03 11:16:49 vpn-dev.tuxed.net openvpn[1082]: 93.135.12.46:49631 VERIFY EKU OK
Nov 03 11:16:49 vpn-dev.tuxed.net openvpn[1082]: 93.135.12.46:49631 VERIFY OK: depth=0, CN=e15fe13fdb05bd8d78245c4e195a4797
Nov 03 11:16:49 vpn-dev.tuxed.net openvpn[1082]: 93.135.12.46:49631 peer info: IV_VER=2.4
Nov 03 11:16:49 vpn-dev.tuxed.net openvpn[1082]: 93.135.12.46:49631 peer info: IV_PLAT=mac
Nov 03 11:16:49 vpn-dev.tuxed.net openvpn[1082]: 93.135.12.46:49631 peer info: IV_UI_VER=com.algoritmico.TunnelKit_2.1.0
Nov 03 11:16:49 vpn-dev.tuxed.net openvpn[1082]: 93.135.12.46:49631 peer info: IV_PROTO=2
Nov 03 11:16:49 vpn-dev.tuxed.net openvpn[1082]: 93.135.12.46:49631 peer info: IV_NCP=2
Nov 03 11:16:49 vpn-dev.tuxed.net openvpn[1082]: 93.135.12.46:49631 peer info: IV_SSL=OpenSSL_1.1.1d__10_Sep_2019
Nov 03 11:16:49 vpn-dev.tuxed.net openvpn[1082]: 93.135.12.46:49631 peer info: IV_LZO_STUB=1
Nov 03 11:16:49 vpn-dev.tuxed.net openvpn[1082]: 93.135.12.46:49631 peer info: IV_LZO=1
Nov 03 11:16:49 vpn-dev.tuxed.net openvpn[1082]: 93.135.12.46:49631 WARNING: 'link-mtu' is present in local config but missing in remote config, local='link-mtu 1549'
Nov 03 11:16:49 vpn-dev.tuxed.net openvpn[1082]: 93.135.12.46:49631 WARNING: 'tun-mtu' is present in local config but missing in remote config, local='tun-mtu 1500'
Nov 03 11:16:49 vpn-dev.tuxed.net openvpn[1082]: 93.135.12.46:49631 WARNING: 'auth' is used inconsistently, local='auth [null-digest]', remote='auth SHA1'
Nov 03 11:16:49 vpn-dev.tuxed.net openvpn[1082]: 93.135.12.46:49631 WARNING: 'tls-crypt' is present in remote config but missing in local config, remote='tls-crypt'
Nov 03 11:16:49 vpn-dev.tuxed.net openvpn[1082]: 93.135.12.46:49631 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384
Nov 03 11:16:49 vpn-dev.tuxed.net openvpn[1082]: 93.135.12.46:49631 [e15fe13fdb05bd8d78245c4e195a4797] Peer Connection Initiated with [AF_INET6]::ffff:93.135.12.46:49631
Nov 03 11:16:49 vpn-dev.tuxed.net openvpn[1082]: e15fe13fdb05bd8d78245c4e195a4797/93.135.12.46:49631 MULTI_sva: pool returned IPv4=10.56.25.2, IPv6=fdfe:26f4:7e1:7c09::1000
Nov 03 11:16:49 vpn-dev.tuxed.net openvpn[1082]: e15fe13fdb05bd8d78245c4e195a4797/93.135.12.46:49631 OPTIONS IMPORT: reading client specific options from: /tmp/openvpn_cc_58c9bedc8ca6b7c04fe16fccc0232d5a.tmp
Nov 03 11:16:49 vpn-dev.tuxed.net openvpn[1082]: e15fe13fdb05bd8d78245c4e195a4797/93.135.12.46:49631 MULTI: Learn: 10.56.25.2 -> e15fe13fdb05bd8d78245c4e195a4797/93.135.12.46:49631
Nov 03 11:16:49 vpn-dev.tuxed.net openvpn[1082]: e15fe13fdb05bd8d78245c4e195a4797/93.135.12.46:49631 MULTI: primary virtual IP for e15fe13fdb05bd8d78245c4e195a4797/93.135.12.46:49631: 10.56.25.2
Nov 03 11:16:49 vpn-dev.tuxed.net openvpn[1082]: e15fe13fdb05bd8d78245c4e195a4797/93.135.12.46:49631 MULTI: Learn: fdfe:26f4:7e1:7c09::1000 -> e15fe13fdb05bd8d78245c4e195a4797/93.135.12.46:49631
Nov 03 11:16:49 vpn-dev.tuxed.net openvpn[1082]: e15fe13fdb05bd8d78245c4e195a4797/93.135.12.46:49631 MULTI: primary virtual IPv6 for e15fe13fdb05bd8d78245c4e195a4797/93.135.12.46:49631: fdfe:26f4:7e1:7c09::1000
Nov 03 11:16:49 vpn-dev.tuxed.net openvpn[1082]: e15fe13fdb05bd8d78245c4e195a4797/93.135.12.46:49631 PUSH: Received control message: 'PUSH_REQUEST'
Nov 03 11:16:49 vpn-dev.tuxed.net openvpn[1082]: e15fe13fdb05bd8d78245c4e195a4797/93.135.12.46:49631 SENT CONTROL [e15fe13fdb05bd8d78245c4e195a4797]: 'PUSH_REPLY,block-outside-dns,dhcp-option DNS 10.56.25.1,dhcp-option DNS fdfe:26f4:7e1:7c09::1,explicit-exit-notify 1,redirect-gateway def1 ipv6 block-local,tun-ipv6,route-gateway 10.56.25.1,topology subnet,ping 10,ping-restart 60,ifconfig-ipv6 fdfe:26f4:7e1:7c09::1000/112 fdfe:26f4:7e1:7c09::1,ifconfig 10.56.25.2 255.255.255.192,peer-id 0,cipher AES-256-GCM' (status=1)
Nov 03 11:16:49 vpn-dev.tuxed.net openvpn[1082]: e15fe13fdb05bd8d78245c4e195a4797/93.135.12.46:49631 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Nov 03 11:16:49 vpn-dev.tuxed.net openvpn[1082]: e15fe13fdb05bd8d78245c4e195a4797/93.135.12.46:49631 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
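
A check of this kind can be automated across all peers. The following is an added example, not part of the original issue or the project's code: it reads OpenVPN server log lines in the format shown above and reports, per peer, the negotiated control-channel TLS version, the cipher, the client's `IV_SSL` library string and any option warnings, then lists peers that negotiated below TLSv1.3. The sample lines, the host name `vpn.example` and the addresses are constructed; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample lines in the server-log format shown above (not real traffic).
SAMPLE_LOG = """\
Nov 03 11:16:49 vpn.example openvpn[1082]: 192.0.2.10:49631 peer info: IV_SSL=OpenSSL_1.1.1d__10_Sep_2019
Nov 03 11:16:49 vpn.example openvpn[1082]: 192.0.2.10:49631 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384
Nov 03 11:17:02 vpn.example openvpn[1082]: 198.51.100.7:50122 peer info: IV_SSL=OpenSSL_1.0.2t__10_Sep_2019
Nov 03 11:17:02 vpn.example openvpn[1082]: 198.51.100.7:50122 WARNING: 'auth' is used inconsistently, local='auth [null-digest]', remote='auth SHA1'
Nov 03 11:17:02 vpn.example openvpn[1082]: 198.51.100.7:50122 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
"""

# "<CN>/<addr:port>" appears once the peer is authenticated; the CN part is optional.
LINE = re.compile(r"openvpn\[\d+\]: (?:\S+/)?(?P<peer>\S+:\d+) (?P<msg>.*)$")
CHANNEL = re.compile(r"Control Channel: (?P<ver>TLSv[\d.]+), cipher \S+ (?P<cipher>[\w-]+)")
SSL_LIB = re.compile(r"peer info: IV_SSL=(?P<lib>\S+)")
WARNING = re.compile(r"WARNING: '(?P<opt>[^']+)'")


def summarize(log_text):
    """Return {peer: {tls, cipher, ssl_lib, warnings}} keyed by client addr:port."""
    peers = defaultdict(lambda: {"tls": None, "cipher": None, "ssl_lib": None, "warnings": []})
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        info, msg = peers[m["peer"]], m["msg"]
        if (c := CHANNEL.search(msg)):
            info["tls"], info["cipher"] = c["ver"], c["cipher"]
        elif (s := SSL_LIB.search(msg)):
            info["ssl_lib"] = s["lib"]
        elif (w := WARNING.search(msg)):
            info["warnings"].append(w["opt"])
    return dict(peers)


def below_tls13(peers):
    """Peers whose control channel negotiated a TLS version lower than 1.3."""
    def ver(v):
        return tuple(int(x) for x in v[4:].split("."))  # "TLSv1.2" -> (1, 2)
    return sorted(p for p, i in peers.items() if i["tls"] and ver(i["tls"]) < (1, 3))


if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    for peer, info in result.items():
        print(peer, info)
    print("below TLSv1.3:", below_tls13(result))
```
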