Update OpenSSL to 1.1.1 for TLSv1.3 support #123

ghost · 2019-10-11T13:12:41Z

Would it be possible to update the (embedded) OpenSSL to a version >= 1.1.1? This would bring TLSv1.3 support and Ed25519 support for keys in <cert>, <key> and <ca>.

I have a test server available with TLSv1.3 and Ed25519 key support if that helps!

The text was updated successfully, but these errors were encountered:

ghost · 2019-11-03T11:17:58Z

Seems to work great! Thanks!

Server log:

Nov 03 11:16:49 vpn-dev.tuxed.net openvpn[1082]: 93.135.12.46:49631 TLS: Initial packet from [AF_INET6]::ffff:93.135.12.46:49631, sid=df343c4e 30f33df4
Nov 03 11:16:49 vpn-dev.tuxed.net openvpn[1082]: 93.135.12.46:49631 VERIFY OK: depth=1, CN=VPN CA
Nov 03 11:16:49 vpn-dev.tuxed.net openvpn[1082]: 93.135.12.46:49631 VERIFY KU OK
Nov 03 11:16:49 vpn-dev.tuxed.net openvpn[1082]: 93.135.12.46:49631 Validating certificate extended key usage
Nov 03 11:16:49 vpn-dev.tuxed.net openvpn[1082]: 93.135.12.46:49631 ++ Certificate has EKU (str) TLS Web Client Authentication, expects TLS Web Client Authentication
Nov 03 11:16:49 vpn-dev.tuxed.net openvpn[1082]: 93.135.12.46:49631 VERIFY EKU OK
Nov 03 11:16:49 vpn-dev.tuxed.net openvpn[1082]: 93.135.12.46:49631 VERIFY OK: depth=0, CN=e15fe13fdb05bd8d78245c4e195a4797
Nov 03 11:16:49 vpn-dev.tuxed.net openvpn[1082]: 93.135.12.46:49631 peer info: IV_VER=2.4
Nov 03 11:16:49 vpn-dev.tuxed.net openvpn[1082]: 93.135.12.46:49631 peer info: IV_PLAT=mac
Nov 03 11:16:49 vpn-dev.tuxed.net openvpn[1082]: 93.135.12.46:49631 peer info: IV_UI_VER=com.algoritmico.TunnelKit_2.1.0
Nov 03 11:16:49 vpn-dev.tuxed.net openvpn[1082]: 93.135.12.46:49631 peer info: IV_PROTO=2
Nov 03 11:16:49 vpn-dev.tuxed.net openvpn[1082]: 93.135.12.46:49631 peer info: IV_NCP=2
Nov 03 11:16:49 vpn-dev.tuxed.net openvpn[1082]: 93.135.12.46:49631 peer info: IV_SSL=OpenSSL_1.1.1d__10_Sep_2019
Nov 03 11:16:49 vpn-dev.tuxed.net openvpn[1082]: 93.135.12.46:49631 peer info: IV_LZO_STUB=1
Nov 03 11:16:49 vpn-dev.tuxed.net openvpn[1082]: 93.135.12.46:49631 peer info: IV_LZO=1
Nov 03 11:16:49 vpn-dev.tuxed.net openvpn[1082]: 93.135.12.46:49631 WARNING: 'link-mtu' is present in local config but missing in remote config, local='link-mtu 1549'
Nov 03 11:16:49 vpn-dev.tuxed.net openvpn[1082]: 93.135.12.46:49631 WARNING: 'tun-mtu' is present in local config but missing in remote config, local='tun-mtu 1500'
Nov 03 11:16:49 vpn-dev.tuxed.net openvpn[1082]: 93.135.12.46:49631 WARNING: 'auth' is used inconsistently, local='auth [null-digest]', remote='auth SHA1'
Nov 03 11:16:49 vpn-dev.tuxed.net openvpn[1082]: 93.135.12.46:49631 WARNING: 'tls-crypt' is present in remote config but missing in local config, remote='tls-crypt'
Nov 03 11:16:49 vpn-dev.tuxed.net openvpn[1082]: 93.135.12.46:49631 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384
Nov 03 11:16:49 vpn-dev.tuxed.net openvpn[1082]: 93.135.12.46:49631 [e15fe13fdb05bd8d78245c4e195a4797] Peer Connection Initiated with [AF_INET6]::ffff:93.135.12.46:49631
Nov 03 11:16:49 vpn-dev.tuxed.net openvpn[1082]: e15fe13fdb05bd8d78245c4e195a4797/93.135.12.46:49631 MULTI_sva: pool returned IPv4=10.56.25.2, IPv6=fdfe:26f4:7e1:7c09::1000
Nov 03 11:16:49 vpn-dev.tuxed.net openvpn[1082]: e15fe13fdb05bd8d78245c4e195a4797/93.135.12.46:49631 OPTIONS IMPORT: reading client specific options from: /tmp/openvpn_cc_58c9bedc8ca6b7c04fe16fccc0232d5a.tmp
Nov 03 11:16:49 vpn-dev.tuxed.net openvpn[1082]: e15fe13fdb05bd8d78245c4e195a4797/93.135.12.46:49631 MULTI: Learn: 10.56.25.2 -> e15fe13fdb05bd8d78245c4e195a4797/93.135.12.46:49631
Nov 03 11:16:49 vpn-dev.tuxed.net openvpn[1082]: e15fe13fdb05bd8d78245c4e195a4797/93.135.12.46:49631 MULTI: primary virtual IP for e15fe13fdb05bd8d78245c4e195a4797/93.135.12.46:49631: 10.56.25.2
Nov 03 11:16:49 vpn-dev.tuxed.net openvpn[1082]: e15fe13fdb05bd8d78245c4e195a4797/93.135.12.46:49631 MULTI: Learn: fdfe:26f4:7e1:7c09::1000 -> e15fe13fdb05bd8d78245c4e195a4797/93.135.12.46:49631
Nov 03 11:16:49 vpn-dev.tuxed.net openvpn[1082]: e15fe13fdb05bd8d78245c4e195a4797/93.135.12.46:49631 MULTI: primary virtual IPv6 for e15fe13fdb05bd8d78245c4e195a4797/93.135.12.46:49631: fdfe:26f4:7e1:7c09::1000
Nov 03 11:16:49 vpn-dev.tuxed.net openvpn[1082]: e15fe13fdb05bd8d78245c4e195a4797/93.135.12.46:49631 PUSH: Received control message: 'PUSH_REQUEST'
Nov 03 11:16:49 vpn-dev.tuxed.net openvpn[1082]: e15fe13fdb05bd8d78245c4e195a4797/93.135.12.46:49631 SENT CONTROL [e15fe13fdb05bd8d78245c4e195a4797]: 'PUSH_REPLY,block-outside-dns,dhcp-option DNS 10.56.25.1,dhcp-option DNS fdfe:26f4:7e1:7c09::1,explicit-exit-notify 1,redirect-gateway def1 ipv6 block-local,tun-ipv6,route-gateway 10.56.25.1,topology subnet,ping 10,ping-restart 60,ifconfig-ipv6 fdfe:26f4:7e1:7c09::1000/112 fdfe:26f4:7e1:7c09::1,ifconfig 10.56.25.2 255.255.255.192,peer-id 0,cipher AES-256-GCM' (status=1)
Nov 03 11:16:49 vpn-dev.tuxed.net openvpn[1082]: e15fe13fdb05bd8d78245c4e195a4797/93.135.12.46:49631 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Nov 03 11:16:49 vpn-dev.tuxed.net openvpn[1082]: e15fe13fdb05bd8d78245c4e195a4797/93.135.12.46:49631 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key

keeshux added the enhancement New feature or request label Oct 11, 2019

ghost mentioned this issue Oct 11, 2019

Support Ed25519 X.509 certificates eduvpn/apple#107

Closed

jeroenleenarts mentioned this issue Oct 14, 2019

Building 1.1.1d results in error passepartoutvpn/openssl-apple#12

Closed

keeshux added this to the 2.1.0 milestone Oct 31, 2019

keeshux self-assigned this Oct 31, 2019

keeshux closed this as completed in 907c8ec Nov 3, 2019

Update OpenSSL to 1.1.1 for TLSv1.3 support #123

Update OpenSSL to 1.1.1 for TLSv1.3 support #123

ghost commented Oct 11, 2019

ghost commented Nov 3, 2019

Update OpenSSL to 1.1.1 for TLSv1.3 support #123

Update OpenSSL to 1.1.1 for TLSv1.3 support #123

Comments

ghost commented Oct 11, 2019

ghost commented Nov 3, 2019