As reported in trac tickets #304, #358 and #359 (and possibly more), the
usage and interpretation of --tls-cipher (and --show-tls) is tricky. This
patch extends the man page to explain those a bit better and point out
that --tls-cipher is an expert feature (i.e. easy to get wrong). Also add
a notice to the --show-tls output, referring to the man page explanation.
Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: <1430840857-6123-1-git-send-email-steffan@karger.me>
URL: http://article.gmane.org/gmane.network.openvpn.devel/9651
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit 5f66f907cfc57b89110c08e50c7aab228e090911)
Conflicts:
doc/openvpn.8
src/openvpn/ssl_polarssl.c
Re-enable TLS version negotiation by default, so that users
benefit from the stronger and better crypto of TLSv1.1 and
TLSv1.2, without having to add 'tls-version-min' to their
config files.
We tried this before in 2.3.3, but got various reports of people
no longer being able to connect. Back then, we did not have a
way for users to control the TLS version. We now have
--tls-version-min and --tls-version-max, and even automatically
set --tls-version-max to 1.1 if --cryptoapi is used, because
the cryptoapi code is incompatible with TLS 1.2.
To make sure users can fall back to the _exact_ old default
behaviour, not only limit the TLS version to 1.0 if
--tls-version-max 1.0 is set, but also keep using the API calls
TLSv1_{client,server}_method(), instead of the ones that support
negotiation (SSLv23_{client,server}_method()). (Yes, the naming
is awkward, but 'SSLv23' really means 'enable negotiation' in
OpenSSL-API language.)
This patch is for the release/2.3 branch only.
Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: Matthias Andree <matthias.andree@gmx.de>
Message-Id: <1426015605-4068-1-git-send-email-steffan@karger.me>
URL: http://article.gmane.org/gmane.network.openvpn.devel/9542
Signed-off-by: Gert Doering <gert@greenie.muc.de>
As reported in trac #502, SSL compression can cause problems in some corner
cases. OpenVPN does not need SSL compression, since the control channel is
low bandwidth. This does not influence the data channel compression (i.e.
--comp or --comp-lzo).
Even though this has not yet been relevant for OpenVPN (since an attacker
can not easily control contents of control channel messages), SSL
compression has been used in the CRIME and BREACH attacks on TLS. TLS 1.3
will probably even remove support for compression altogether, for
exactly this reason.
Since we don't need it, and SSL compression causes issues, let's just
disable it in OpenSSL builds. PolarSSL has no run-time flag to disable
compression, but is by default compiled without compression.
Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1424010266-5910-1-git-send-email-steffan@karger.me>
URL: http://article.gmane.org/gmane.network.openvpn.devel/9453
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit 5d5233778868ddd568140c394adfcfc8e3453245)
Because using TLS 1.2 breaks certain setups, a user might want to enforce
a maximum TLS version to use. This patch adds that option.
This patch removes a number of #ifdefs from ssl_polarssl.c, because the
polarssl versions we currently support (polar 1.2 for openvpn 2.3, and
polar 1.3 for openvpn-master) have all versions unconditionally enabled.
Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: <544EC052.3080809@fox-it.com>
URL: http://article.gmane.org/gmane.network.openvpn.devel/9210
Signed-off-by: Gert Doering <gert@greenie.muc.de>
* Refactored show_library_versions to work around the fact
that some compilers (such as MSVC 2008) can't handle #ifdefs
inside of macro references.
* Declare show_library_versions() in options.h because it's
referenced by other files such as openvpn.c.
* Declare get_ssl_library_version() as returning const char *,
to avoid loss of const qualifier in ssl_openssl.c.
Signed-off-by: James Yonan <james@openvpn.net>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1399589436-8730-7-git-send-email-james@openvpn.net>
URL: http://article.gmane.org/gmane.network.openvpn.devel/8711
Signed-off-by: Gert Doering <gert@greenie.muc.de>
%z as a printf format specifier.
Signed-off-by: James Yonan <james@openvpn.net>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1399589436-8730-5-git-send-email-james@openvpn.net>
URL: http://article.gmane.org/gmane.network.openvpn.devel/8710
Signed-off-by: Gert Doering <gert@greenie.muc.de>
For OpenSSL, this means to use TLSv1_(client|server)_method rather
than SSLv23_(client|server)_method combined with SSL_OP_NO_x flags
for specific TLS versions to disable.
For PolarSSL, this means to implicitly control the TLS version via allowed
ciphersuites.
Point out off-by-default-now setting in the openvpn(8) man page.
This patch is only included in the release/2.3 branch, because it's a
stopgap measure. 2.4 will have it on-by-default, when the remaining
handshake problems are fully debugged and solved.
Signed-off-by: James Yonan <james@openvpn.net>
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: James Yonan <james@openvpn.net>
Message-Id: <535EC5FE.6060302@karger.me>
URL: http://article.gmane.org/gmane.network.openvpn.devel/8665
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Print the version of the SSL and LZO library (if any) used.
SSL library version is also sent as IV_SSL=<version> to the server if
--push-peer-info is enabled.
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: Steffan Karger <steffan.karger@fox-it.com>
Message-Id: <20140416152456.GI16637@greenie.muc.de>
URL: http://article.gmane.org/gmane.network.openvpn.devel/8537
(cherry picked from commit 1ec984b154aa3247ef58c9d44e7e477880b632b1)
stateless session resumption.
OpenVPN doesn't want or need SSL session renegotiation or
resumption, as it handles renegotiation on its own.
For this reason, OpenVPN always disables the SSL session cache:
SSL_CTX_set_session_cache_mode (ctx, SSL_SESS_CACHE_OFF)
However, even with the above code, stateless session resumption
is still possible unless explicitly disabled with the
SSL_OP_NO_TICKET flag. This patch does this.
Acked-by: Steffan Karger <steffan.karger@fox-it.com>
Message-Id: <1395017376-24554-1-git-send-email-james@openvpn.net>
URL: http://article.gmane.org/gmane.network.openvpn.devel/8346
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit 25f4d4b49bff342fd9dd54cd22f14c9de49e9f8b)
This allows to check the available TLS ciphers for a specific configuration
by supplying both --tls-cipher and --show-tls options.
Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1388607026-12297-4-git-send-email-steffan@karger.me>
URL: http://article.gmane.org/gmane.network.openvpn.devel/8150
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit cb03dca83e37fd65666bf776f39da902fb10acbc)
Commit 4b67f98 changed call to TLSv1_{client,server}_method() to
SSLv23_{client,server}_method(), this commit updates the corresponding
error messages to match the changes in the code.
Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1388607026-12297-3-git-send-email-steffan@karger.me>
URL: http://article.gmane.org/gmane.network.openvpn.devel/8147
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit 441be9f4f91a16218d40b401384ead51b5aac0cc)
Commit 4b67f98 changed calls to TLSv1_{server,client}_method() to
SSLv23_{client,server}_method() to enable TLS version negotiation. This
commit does the same for two calls of TLSv1_method() from support code.
Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1388607026-12297-2-git-send-email-steffan@karger.me>
URL: http://article.gmane.org/gmane.network.openvpn.devel/8148
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit dd3e319c1d66c7da51b8555d745a1139e0b322f2)
This patch moves from using the deprecated RSA_generate_key() to the 'new'
RSA_generate_key_ex() to generate ephemeral RSA keys. This patch does
not change OpenVPN's behaviour.
One note on the implementation though; the code generates one ephemeral
RSA key that is used during the entire lifetime of an OpenVPN process.
If OpenSSL requests a new (ephemeral) key, it will keep on returning the
same (usually rather small) key. Not the best solution.
To actually run this code, I had to force usage by selecting the
TLS-RSA-EXPORT-WITH-DES40-CBC-SHA tls-cipher. That generated a 512-bit
ephemeral RSA key, and uses the outdated DES encryption protocol.
Using this mode could lead to a false sense of security. Then again, one
should be using (Ephemeral) Diffie-Hellman anyway, and OpenVPN requires
a tls-server to supply dh parameters. A user would need to deliberately
choose a weak tls-cipher like TLS-RSA-EXPORT-WITH-DES40-CBC-SHA, which
would be aligning a gun with his foot anyway. If one would decide this
implementation is not good enough anymore, I'd suggest to just strip out
support for this completely.
Code has been tested using the TLS-RSA-EXPORT-WITH-DES40-CBC-SHA tls-cipher
which uses this to create ephemeral RSA keys.
This should resolve trac#197.
Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: <52ADF633.8040003@karger.me>
URL: http://article.gmane.org/gmane.network.openvpn.devel/8110
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: Steffan Karger <steffan@karger.me>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1385210434-28364-1-git-send-email-arne@rfc2549.org>
URL: http://article.gmane.org/gmane.network.openvpn.devel/8039
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit 20fe5561dfe7a6f1da3aac07b38d0773c2758e5e)
OpenSSL's tls_ctx_load_cert_file() had a parameter in which a copy of the
context's certificate chain was stored on return, used by
tls_ctx_use_external_private_key() only and free()d immediately thereafter.
PolarSSL also supported this output parameter, but returned a pointer to the
context's certificate chain (rather than to a copy of the certificate, as
OpenSSL does) - which meant that we would have to #ifdef the free().
PolarSSL cannot make a copy of a certificate chain, and OpenSSL cannot store a
pointer to (instead of a copy of) the cert.
So remove the output parameter from tls_ctx_load_cert_file() and incorporate
the needed functionality directly into tls_ctx_use_external_private_key()
(which is straightforward for both OpenSSL and PolarSSL, as long as you don't
try to support both at once.)
Signed-off-by: Joachim Schipper <joachim.schipper@fox-it.com>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: <1379587649-25506-2-git-send-email-steffan.karger@fox-it.com>
URL: http://article.gmane.org/gmane.network.openvpn.devel/7888
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit c3b2d487bc5089c8c0cf65df8e6cc2232d84b05b)
If a CA certificate file includes intermediate certificates, and any
of them fail to verify, the current code will fail with "Cannot load
CA certificate file". Instead, generate a more specific error message
identifying the specific sub-certificate(s) which did not validate.
Acked-by: Steffan Karger <steffan.karger@fox-it.com>
Message-Id: <CAK6ywbLVtSgRZEt4N+02fz+vQ0GNp==5KdsbqWtZ+fgUzrZq+g@mail.gmail.com>
URL: http://article.gmane.org/gmane.network.openvpn.devel/7837
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit 9927cdbd929bebbba0d15bb9a6b03453891a485b)
Load intermediate certificates from a PKCS#12 file and place them in the
extra certs chain, when trusted CA certs are loaded from an external PEM
file with the --ca option, and the CA certs in PKCS#12 are not to be trusted.
Required when client PKCS#12 file is provided by a different CA
than the server CA, the PKCS#12 file contains intermediate certificates
required for client auth, but the server CA is not in the PKCS#12 file.
When --ca is set, the PKCS#12 provided CA certs are not trusted. Without
this patch, they were ignored completely - with this patch, they're loaded
in the extra certs chain which makes them available for chain verification
but still does not make them trusted if --ca is set. Unless when, of
course, a trusted root is found from the --ca file.
Acked-by: James Yonan <james@openvpn.net>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Steffan Karger <steffan.karger@fox-it.com>
Message-Id: <alpine.DEB.2.02.1306201400320.10116@jazz.he.fi>
URL: http://article.gmane.org/gmane.network.openvpn.devel/7721
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit 6481f879eb62cafa6ad652801b2b5c45e546ef44)
Updated the TLS negotiation logic to adaptively try to connect using
the highest TLS version supported by both client and server.
Previously, OpenVPN (when linked with OpenSSL) would always connect
using TLS 1.0.
Also added tls-version-min directive to force a higher TLS version
than 1.0:
tls-version-min <version> ['or-highest'] -- sets the minimum
TLS version we will accept from the peer. Examples for version
include "1.0" (default), "1.1", or "1.2". If 'or-highest' is
specified and version is not recognized, we will only accept
the highest TLS version supported by the local SSL implementation.
Examples:
tls-version-min 1.1 -- fail the connection unless peer can
connect at TLS 1.1 or higher.
tls-version-min 1.2 or-highest -- require that the peer
connect at TLS 1.2 or higher, however if the local SSL
implementation doesn't support TLS 1.2 (as it wouldn't
if linked with an older version of OpenSSL), reduce the
minimum required version to the highest version supported
by the local SSL implementation (such as TLS 1.0). This
is intended to allow client configurations to target higher
TLS versions that are supported on the server, even if some
older clients don't support these versions yet.
[
This is a merged patch from the following commits
on git://github.com/jamesyonan/openvpn.git
03a5599202bdc3ba07983dc4efdae387fb8fb436
d23005413b0e0f28a3c48a6342f494763d5c9b40
]
Signed-off-by: James Yonan <james@openvpn.net>
Acked-by: Gert Doering <gert@greenie.muc.de>
Acked-by: Arne Schwabe <arne@rfc2549.org>
URL: http://thread.gmane.org/gmane.network.openvpn.devel/7743
URL: http://thread.gmane.org/gmane.network.openvpn.devel/7744
Message-Id: 51C77F12.1090802@openvpn.net
Signed-off-by: David Sommerseth <davids@redhat.com>
(cherry picked from commit 4b67f9849ab3efe89268e01afddc7795f38d0f64)
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Conflicts:
src/openvpn/ssl_common.h
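
The `or-highest` fallback described in the commit message above, as an added C sketch (not OpenVPN's code; the enum, the function names, and the treatment of a version above the local library's maximum as "not recognized" or, without `or-highest`, as a rejected directive are assumptions). It shows that the same directive yields a 1.2 floor on a current build and a 1.0 floor on a build whose SSL library only supports TLS 1.0.

```c
#include <stdio.h>
#include <string.h>

/* Ordered so that versions compare numerically; TLS_VER_BAD means "reject". */
enum tls_ver { TLS_VER_BAD = 0, TLS_VER_1_0, TLS_VER_1_1, TLS_VER_1_2 };

/* Map a config string to a version; anything else is "not recognized". */
static enum tls_ver parse_ver(const char *s)
{
    if (strcmp(s, "1.0") == 0) return TLS_VER_1_0;
    if (strcmp(s, "1.1") == 0) return TLS_VER_1_1;
    if (strcmp(s, "1.2") == 0) return TLS_VER_1_2;
    return TLS_VER_BAD;
}

/*
 * Resolve "tls-version-min <version> [or-highest]" to the floor to enforce.
 * local_max is the highest version the local SSL library supports.
 * Assumptions of this sketch: a version above local_max counts as "not
 * recognized", and without or-highest such a directive is rejected.
 */
enum tls_ver resolve_tls_version_min(const char *version, const char *flag,
                                     enum tls_ver local_max)
{
    int or_highest = flag != NULL && strcmp(flag, "or-highest") == 0;
    enum tls_ver v;

    if (flag != NULL && !or_highest)
        return TLS_VER_BAD;                    /* unknown trailing token */
    v = version != NULL ? parse_ver(version) : TLS_VER_1_0; /* default 1.0 */
    if (v == TLS_VER_BAD || v > local_max)
        return or_highest ? local_max : TLS_VER_BAD;
    return v;
}

/* Nonzero if a handshake negotiated at `negotiated` satisfies the minimum. */
int peer_version_accepted(enum tls_ver min_ver, enum tls_ver negotiated)
{
    return min_ver != TLS_VER_BAD && negotiated >= min_ver;
}

int main(void)
{
    static const char *name[] = { "rejected", "1.0", "1.1", "1.2" };
    /* Constructed cases: same directive on a modern and a TLS 1.0-only build. */
    enum tls_ver modern = resolve_tls_version_min("1.2", "or-highest", TLS_VER_1_2);
    enum tls_ver old = resolve_tls_version_min("1.2", "or-highest", TLS_VER_1_0);
    enum tls_ver strict = resolve_tls_version_min("1.2", NULL, TLS_VER_1_0);

    printf("or-highest, lib max 1.2 -> minimum %s\n", name[modern]);
    printf("or-highest, lib max 1.0 -> minimum %s\n", name[old]);
    printf("no flag,    lib max 1.0 -> minimum %s\n", name[strict]);
    printf("TLS 1.0 peer against the old build: %s\n",
           peer_version_accepted(old, TLS_VER_1_0) ? "accepted" : "refused");
    return 0;
}
```

When auditing a deployment, the effective minimum therefore has to be read from the SSL library each endpoint is linked against, not from the config line alone.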
Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
Acked-by: David Sommerseth <davids@redhat.com>
Message-Id: 51B1DBEF.1090705@fox-it.com
URL: http://article.gmane.org/gmane.network.openvpn.devel/7664
Signed-off-by: David Sommerseth <davids@redhat.com>
(cherry picked from commit b97e2c3c90afdbb1a24bc1357ec6b94d626defcd)
Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: <1CED409804E2164C8104F9E623B08B9013BC28A538@FOXDFT02.FOX.local>
URL: http://article.gmane.org/gmane.network.openvpn.devel/7480
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit 0bcde52f6a96a19c28e035e2c562f8a66eaa416f)
Added translation table and functions to translate between TLS OpenSSL
and IANA (IETF) cipher suite names. The previously used OpenSSL names
are still accepted, but a deprecation warning is issued.
Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
Acked-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1363942465-3251-6-git-send-email-steffan.karger@fox-it.com>
URL: http://article.gmane.org/gmane.network.openvpn.devel/7439
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit 3b23b18dddb8f8f4a6ac6959b844b63356b59e87)
This code is always enabled and removing the #ifdef makes the code a little bit clearer.
Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: James Yonan <james@openvpn.net>
Message-Id: 1340044749-10694-4-git-send-email-arne@rfc2549.org
URL: http://article.gmane.org/gmane.network.openvpn.devel/6746
Signed-off-by: David Sommerseth <davids@redhat.com>
Move OpenSSL calls out from the generic crypto layer and into the
OpenSSL specific layer. Also don't load all algorithms if SSL
isn't enabled.
Error strings will also not be loaded into memory if ENABLE_SMALL
is configured.
Signed-off-by: Igor Novgorodov <igor@novg.net>
Acked-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
+ Some fixups within the platform.c functions.
- need to check environment set on Windows.
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: David Sommerseth <davids@redhat.com>
Yet another step in reducing the syshead.h content.
Conditional compilation of sources needs to be based on
a minimum program prefix (config.h only).
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
Acked-by: Adriaan de Jong <dejong@fox-it.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
Suitable for mature project.
root - administrative stuff
doc - documents
src - sources
tests - tests
distro - distro specific files
sample - samples
SIDE EFFECT: many changes to rpm spec.
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
Acked-by: Adriaan de Jong <dejong@fox-it.com>
Signed-off-by: David Sommerseth <davids@redhat.com>