Bug 1019449
Summary: | ECDHE now supported in Fedora openssl, please add to openvpn | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Dimitris <dimitris.on.linux> |
Component: | openvpn | Assignee: | Steven Pritchard <steve> |
Status: | CLOSED UPSTREAM | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 19 | CC: | bill-bugzilla.redhat.com, davids, gwync, huzaifas, lemenkov, steve |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2013-10-17 22:51:20 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 1019390 |
Description
Dimitris
2013-10-15 18:01:18 UTC
A lot more than a rebuild of OpenVPN is needed. To properly support EC, OpenVPN needs to be enhanced with ECDH (now only DH is available). This requires upstream OpenVPN to get patches written and applied. There are some people looking into this from time to time, but until OpenVPN has the needed patches, EC isn't really functional at all. Closing this Fedora bug, as this needs to be taken upstream with the OpenVPN community directly. yep, here's the upstream ticket and forum thread: https://community.openvpn.net/openvpn/ticket/307 https://forums.openvpn.net/topic8404-30.html I'd love to have ECDH on my OpenVPN connections, and it looks like patches exist but they haven't been properly asked for, implemented, or tested (yet). Please, don't unblock parent ticket when child ticked is resolved. We'd better leave it blocked (for reference, for statistical purposes, etc). (In reply to Peter Lemenkov from comment #3) > Please, don't unblock parent ticket when child ticked is resolved. We'd > better leave it blocked (for reference, for statistical purposes, etc). Fair enough, I just felt the OpenVPN bug isn't really related to Fedora enabling elliptic curves. For OpenVPN's part, that needs to be resolved upstream (which it isn't yet). IMO, this bug is completely irrelevant to Fedora as this issue should only tracked upstream with OpenVPN. And to my knowledge, there's no ETA for when OpenVPN will enable EC. |