[Openvpn-commits] [OpenVPN/openvpn] a69d9b: Do not try to use the encrypt-then-mac ciphers fro...

[<ope...@li...>]

  Branch: refs/heads/master
  Home:   https://github.com/OpenVPN/openvpn
  Commit: a69d9b66502f13354750d8146cd038cc7a26a0bd
      https://github.com/OpenVPN/openvpn/commit/a69d9b66502f13354750d8146cd038cc7a26a0bd
  Author: Arne Schwabe <ar...@rf...>
  Date:   2025-10-23 (Thu, 23 Oct 2025)

  Changed paths:
    M src/openvpn/crypto_openssl.c
    M src/openvpn/openssl_compat.h

  Log Message:
  -----------
  Do not try to use the encrypt-then-mac ciphers from OpenSSL 3.6.0

These ciphers claim to be CBC but since they are also include an HMAC
are more a mix of AEAD and CBC. Nevertheless, we do not support these
and also have no (good) reason to support them.

This patch defines the flag if the SSL library does not define the flag
to also work when the SSL library is upgraded after OpenVPN has been compiled.

Change-Id: Iafe3c94b952cd3fbecf6f3d05816e5859f425e7d
Signed-off-by: Arne Schwabe <ar...@rf...>
Acked-by: Frank Lichtenheld <fr...@li...>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1294
Message-Id: <202...@gr...>
URL: https://www.mail-archive.com/ope...@li.../msg33846.html
Signed-off-by: Gert Doering <ge...@gr...>



To unsubscribe from these emails, change your notification settings at https://github.com/OpenVPN/openvpn/settings/notifications