
openvpn: allow "dh-file none" to disable DH for ECDH keys
Closed, Resolved (Public)

Description

When using EC TLS keys, dh-file is not needed; it can be set to "none": https://github.com/OpenVPN/openvpn/commit/bd9aa06

Details

Difficulty level
Unknown (require assessment)
Version
-
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Config syntax change (migratable)
Issue type
Improvement (missing useful functionality)

Event Timeline

jjakob changed the task status from Open to In progress. Mar 19 2020, 5:13 PM
jjakob triaged this task as Low priority.
jjakob created this task.
jjakob created this object in space S1 VyOS Public.

The implementation mostly works, but still behaves unexpectedly when keys don't have a BEGIN EC PRIVATE KEY or BEGIN RSA PRIVATE KEY, but have just a plain BEGIN PRIVATE KEY, which is valid for both EC and RSA (and is the default output format for openssl ec -out, for example when removing a passphrase from the key). We need to switch to checking the key type by actually trying to read it with openssl and checking its error status.
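The ambiguity described above can be resolved without shelling out: a "BEGIN PRIVATE KEY" block is PKCS#8 (RFC 5208), and its PrivateKeyInfo carries the algorithm OID, so the key type can be read straight from the DER. The following is an added example, not code from VyOS or OpenVPN, and it uses the OID approach as an alternative to the openssl-error-status check proposed in the comment. All function names (`key_type_by_header`, `key_type`, `openvpn_dh_setting`, `make_pkcs8_pem`) are hypothetical, and the sample PEM blocks are constructed inline around dummy key material so the script runs offline; they are not usable keys. The rule that an EC key may use `dh none` while an RSA key still needs a DH file follows the task description.

```python
import base64
import re
from typing import Optional

# Algorithm OIDs found in a PKCS#8 PrivateKeyInfo (RFC 5208 / RFC 5480).
OID_RSA = "1.2.840.113549.1.1.1"   # rsaEncryption
OID_EC = "1.2.840.10045.2.1"        # id-ecPublicKey (used for EC private keys too)
OID_P256 = "1.2.840.10045.3.1.7"    # prime256v1 namedCurve parameter

PEM_RE = re.compile(r"-----BEGIN ([A-Z ]+)-----\s*(.*?)\s*-----END \1-----", re.S)


def _read_tlv(buf: bytes, pos: int):
    """Return (tag, value, next_pos) for the DER TLV at pos (definite lengths only)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: next N bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def _decode_oid(value: bytes) -> str:
    parts, acc = [str(value[0] // 40), str(value[0] % 40)], 0
    for b in value[1:]:                     # base-128 arcs, high bit = continuation
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            parts.append(str(acc))
            acc = 0
    return ".".join(parts)


def pkcs8_algorithm_oid(der: bytes) -> str:
    """PrivateKeyInfo ::= SEQUENCE { version INTEGER, AlgorithmIdentifier, privateKey OCTET STRING }"""
    tag, body, _ = _read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    _, _, pos = _read_tlv(body, 0)          # version
    _, alg, _ = _read_tlv(body, pos)        # AlgorithmIdentifier SEQUENCE
    tag, oid, _ = _read_tlv(alg, 0)         # its first element is the algorithm OID
    if tag != 0x06:
        raise ValueError("AlgorithmIdentifier does not start with an OID")
    return _decode_oid(oid)


def pem_label_and_der(pem: str):
    m = PEM_RE.search(pem)
    if not m:
        raise ValueError("no PEM block found")
    # Drop "Proc-Type:"/"DEK-Info:" header lines that legacy encrypted keys carry.
    body = "".join(l.strip() for l in m.group(2).splitlines() if ":" not in l)
    return m.group(1), base64.b64decode(body)


def key_type_by_header(pem: str) -> Optional[str]:
    """The naive check from the task: only recognises the legacy SEC1/PKCS#1 labels."""
    label, _ = pem_label_and_der(pem)
    return {"EC PRIVATE KEY": "ec", "RSA PRIVATE KEY": "rsa"}.get(label)


def key_type(pem: str) -> Optional[str]:
    """Legacy labels name the type; a plain PKCS#8 block is resolved via its OID."""
    label, der = pem_label_and_der(pem)
    if label == "EC PRIVATE KEY":
        return "ec"
    if label == "RSA PRIVATE KEY":
        return "rsa"
    if label == "PRIVATE KEY":
        return {OID_RSA: "rsa", OID_EC: "ec"}.get(pkcs8_algorithm_oid(der))
    return None                              # e.g. "ENCRYPTED PRIVATE KEY": cannot tell


def openvpn_dh_setting(kt: Optional[str], dh_file: Optional[str]) -> str:
    """EC keys may run with 'dh none'; RSA keys still need a DH parameter file."""
    if dh_file:
        return f"dh {dh_file}"
    if kt == "ec":
        return "dh none"
    if kt == "rsa":
        raise ValueError("RSA TLS key requires a DH parameter file")
    raise ValueError("unrecognised private key type")


# --- constructed sample input: PKCS#8 wrappers around a dummy 32-byte secret ---
def _tlv(tag: int, value: bytes) -> bytes:
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + value


def _encode_oid(oid: str) -> bytes:
    arcs = [int(p) for p in oid.split(".")]
    out = bytearray([arcs[0] * 40 + arcs[1]])
    for a in arcs[2:]:
        chunk = [a & 0x7F]
        a >>= 7
        while a:
            chunk.append(0x80 | (a & 0x7F))
            a >>= 7
        out.extend(reversed(chunk))
    return bytes(out)


def make_pkcs8_pem(alg_oid: str, params: bytes) -> str:
    alg = _tlv(0x30, _tlv(0x06, _encode_oid(alg_oid)) + params)
    info = _tlv(0x30, _tlv(0x02, b"\x00") + alg + _tlv(0x04, b"\x00" * 32))
    b64 = base64.b64encode(info).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN PRIVATE KEY-----\n{body}\n-----END PRIVATE KEY-----\n"


EC_PKCS8_PEM = make_pkcs8_pem(OID_EC, _tlv(0x06, _encode_oid(OID_P256)))   # what 'openssl ec -out' writes
RSA_PKCS8_PEM = make_pkcs8_pem(OID_RSA, b"\x05\x00")                       # params = NULL
SEC1_EC_PEM = "-----BEGIN EC PRIVATE KEY-----\nAAAAAAAAAAA=\n-----END EC PRIVATE KEY-----\n"

if __name__ == "__main__":
    for name, pem in [("sec1", SEC1_EC_PEM), ("pkcs8-ec", EC_PKCS8_PEM), ("pkcs8-rsa", RSA_PKCS8_PEM)]:
        print(name, "header:", key_type_by_header(pem), "resolved:", key_type(pem))
```

Running it shows the failure mode from the comment: the header check returns None for both PKCS#8 samples, while the OID lookup returns "ec" and "rsa". Encrypted PKCS#8 ("ENCRYPTED PRIVATE KEY") still cannot be classified without decrypting it, which is where falling back to openssl with the passphrase remains necessary.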

erkin set Issue type to Internal change (not visible to end users). Aug 31 2021, 5:16 PM
dmbaturin changed Issue type from Internal change (not visible to end users) to Improvement (missing useful functionality).