aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMagnus Kroken <mkroken@gmail.com>2016-12-30 01:31:29 +0100
committerFelix Fietkau <nbd@nbd.name>2016-12-30 13:06:43 +0100
commit8ed11ebf7ddaa4888ab6f2c3ee6b744372cc9487 (patch)
tree81b61ba406c5a8a450c80a0d0fd0d317e7a177bd
parentca963bbf5fc0446c35ea578ec1476b5282c0cd66 (diff)
downloadupstream-8ed11ebf7ddaa4888ab6f2c3ee6b744372cc9487.tar.gz
upstream-8ed11ebf7ddaa4888ab6f2c3ee6b744372cc9487.tar.bz2
upstream-8ed11ebf7ddaa4888ab6f2c3ee6b744372cc9487.zip
mbedtls: enable DHE-RSA key exchange
Later OpenVPN 2.3-openssl versions only enable TLS cipher suites with perfect forward secrecy, i.e. DHE and ECDHE cipher suites. ECDHE key exchange is not supported by OpenVPN 2.3-openssl, enable DHE key exchange to allow LEDE OpenVPN 2.4-mbedtls clients to connect to such servers. Signed-off-by: Magnus Kroken <mkroken@gmail.com> Reported-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com> Reported-by: Lucian Cristian <luci@createc.ro>
-rw-r--r--package/libs/mbedtls/patches/200-config.patch9
1 files changed, 0 insertions, 9 deletions
diff --git a/package/libs/mbedtls/patches/200-config.patch b/package/libs/mbedtls/patches/200-config.patch
index bb74e61adb..dcee704d23 100644
--- a/package/libs/mbedtls/patches/200-config.patch
+++ b/package/libs/mbedtls/patches/200-config.patch
@@ -82,15 +82,6 @@
/**
* \def MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
-@@ -622,7 +622,7 @@
- * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
- * MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
- */
--#define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
-+//#define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
-
- /**
- * \def MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
@@ -695,7 +695,7 @@
* MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
* MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384