Menu
▾
▴
Re: [Openvpn-users] Compatibility from openvpn 2.4 to 2.7
|
From: Simon M. <sim...@in...> - 2025-10-20 12:52:36
|
Hi, > On 20/10/2025 14:03, David Sommerseth via Openvpn-users wrote: >> On 17/10/2025 11:26, Gert Doering wrote: >>> Hi, >>> >>> On Fri, Oct 17, 2025 at 11:19:48AM +0200, Simon Matter wrote: >>>> Looks like "update-crypto-policies --set LEGACY" did the trick to make >>>> it >>>> work. Ar least this makes the errors go away in a test setup. I'll >>>> soon do >>>> it on a production system. >>> >>> Ah, Redhat... "why should we leave decisions to software when we can >>> annoy everbody with a global setting". >>> >>> (I'm not exactly sure how these crypto policies work, but they seem to >>> override the application's request to get "--tls-cert-profile >>> insecure") >>> >>> thanks for reporting back the solution ;-) >> >> For the RPM packaging in Fedora, EPEL and Copr repos, we apply a patch >> which is required [2]. >> >> [1] >> <https://src.fedoraproject.org/rpms/openvpn/blob/rawhide/f/fedora-crypto-policy-compliance.patch> While we are at it: the 'nice' option doesn't work because it's not allowed. This patch https://github.com/OpenVPN/openvpn/issues/834 makes it work on RHEL. Could this be integrated in the EPEL RPMs? Thanks, Simon |
