[source] mbedtls: enable DHE-RSA key exchange

LEDE Commits lede-commits at lists.infradead.org
Fri Dec 30 04:07:14 PST 2016


nbd pushed a commit to source.git, branch master:
https://git.lede-project.org/8ed11ebf7ddaa4888ab6f2c3ee6b744372cc9487

commit 8ed11ebf7ddaa4888ab6f2c3ee6b744372cc9487
Author: Magnus Kroken <mkroken at gmail.com>
AuthorDate: Fri Dec 30 01:31:29 2016 +0100

    mbedtls: enable DHE-RSA key exchange
    
    Later OpenVPN 2.3-openssl versions only enable
    TLS cipher suites with perfect forward secrecy, i.e. DHE and ECDHE
    cipher suites. ECDHE key exchange is not supported by
    OpenVPN 2.3-openssl, enable DHE key exchange to allow LEDE
    OpenVPN 2.4-mbedtls clients to connect to such servers.
    
    Signed-off-by: Magnus Kroken <mkroken at gmail.com>
    Reported-by: Martin Blumenstingl <martin.blumenstingl at googlemail.com>
    Reported-by: Lucian Cristian <luci at createc.ro>
---
 package/libs/mbedtls/patches/200-config.patch | 9 ---------
 1 file changed, 9 deletions(-)

diff --git a/package/libs/mbedtls/patches/200-config.patch b/package/libs/mbedtls/patches/200-config.patch
index bb74e61..dcee704 100644
--- a/package/libs/mbedtls/patches/200-config.patch
+++ b/package/libs/mbedtls/patches/200-config.patch
@@ -82,15 +82,6 @@
  
  /**
   * \def MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
-@@ -622,7 +622,7 @@
-  *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
-  *      MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
-  */
--#define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
-+//#define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
- 
- /**
-  * \def MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
 @@ -695,7 +695,7 @@
   *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
   *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
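Review bot: The removed inner hunk at `@@ -622,7 +622,7 @@` was the only thing keeping `MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED` commented out. Dropping it turns the key exchange back on for every user of the library, not just the OpenVPN client named in the commit message. The deleted comment lines show that the define covers legacy suites such as `MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA` and `MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA`. Please say in the commit message whether those suites are meant to become negotiable, or confirm that the rest of 200-config.patch still disables the underlying ciphers so that only the intended DHE suites return. It would also help to note that the define stays at the upstream default once this hunk is gone, so a later reader of 200-config.patch understands why there is no entry for it.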


