mbedtls: enable DHE-RSA key exchange
Later OpenVPN 2.3-openssl versions only enable TLS cipher suites with perfect forward secrecy, i.e. DHE and ECDHE cipher suites. ECDHE key exchange is not supported by OpenVPN 2.3-openssl, enable DHE key exchange to allow LEDE OpenVPN 2.4-mbedtls clients to connect to such servers.

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
Reported-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
Reported-by: Lucian Cristian <luci@createc.ro>
parent ca963bbf5f
commit 8ed11ebf7d
1 changed files with 0 additions and 9 deletions
|
@ -82,15 +82,6 @@
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* \def MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
|
* \def MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
|
||||||
@@ -622,7 +622,7 @@
|
|
||||||
* MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
|
|
||||||
* MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
|
|
||||||
*/
|
|
||||||
-#define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
|
|
||||||
+//#define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
|
|
||||||
|
|
||||||
/**
|
|
||||||
* \def MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
|
|
||||||
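Review bot: The commit message gives only the interoperability reason, but the comment block directly above `MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED` lists `MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA` and the CBC-SHA Camellia suites among the suites that this define gates. Restoring the define makes the whole DHE-RSA family available to every mbedtls consumer on the image, not just OpenVPN. The message should say whether those legacy suites are meant to become negotiable, or the change should be paired with a restricted cipher list in the client configuration. It would also help to state in the message that the nine deleted lines are the hunk of the config patch that commented the define out, because the visible `-#define` / `+//#define` pair reads as a disable while the title says "enable".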
@@ -695,7 +695,7 @@
|
@@ -695,7 +695,7 @@
|
||||||
* MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
|
* MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
|
||||||
* MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
|
* MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
|
||||||
|
|