[FS#942] openvpn-mbedtls no longer accepts SHA1 certificates
LEDE Bugs
lede-bugs at lists.infradead.org
Sun Jul 30 13:32:35 PDT 2017
The following task has a new comment added:
FS#942 - openvpn-mbedtls no longer accepts SHA1 certificates
User who did this - Baptiste Jonglez (bjonglez)
----------
I understand the rationale, and I'm all for more security.
However, as a LEDE/openvpn user, I probably don't have access to the openvpn server (for instance it might be a commercial VPN provider). So it is really frustrating to have a broken service without any practical way to fix it.
My main complaint is that it introduces a non-compatible change in lede-17.01. As a compromise, I think it makes sense to:
- re-enable SHA1 in lede-17.01
- leave SHA1 disabled in trunk
- clearly mention in the release notes of the next LEDE/OpenWRT major release that mbedtls no longer supports SHA1 signatures.
----------
More information can be found at the following URL:
https://bugs.lede-project.org/index.php?do=details&task_id=942#comment3168