Skip to content
Snippets Groups Projects
Commit 8ed11ebf authored by Magnus Kroken's avatar Magnus Kroken Committed by Felix Fietkau
Browse files

mbedtls: enable DHE-RSA key exchange 


Later OpenVPN 2.3-openssl versions only enable
TLS cipher suites with perfect forward secrecy, i.e. DHE and ECDHE
cipher suites. ECDHE key exchange is not supported by
OpenVPN 2.3-openssl, enable DHE key exchange to allow LEDE
OpenVPN 2.4-mbedtls clients to connect to such servers.

Signed-off-by: default avatarMagnus Kroken <mkroken@gmail.com>
Reported-by: default avatarMartin Blumenstingl <martin.blumenstingl@googlemail.com>
Reported-by: default avatarLucian Cristian <luci@createc.ro>
parent ca963bbf
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
package/libs/mbedtls/patches/200-config.patch
+ 0
9
View file @ 8ed11ebf
...@@ -82,15 +82,6 @@ ...@@ -82,15 +82,6 @@
/** /**
* \def MBEDTLS_KEY_EXCHANGE_RSA_ENABLED * \def MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
@@ -622,7 +622,7 @@
* MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
* MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
*/
-#define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
+//#define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
/**
* \def MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
@@ -695,7 +695,7 @@ @@ -695,7 +695,7 @@
* MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
* MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment