Project

General

Profile

Actions

Todo #13255

open

Set PKCS#12 algorithm when exporting OpenVPN ZIP or Windows bundles

Added by Jim Pingle 2 months ago. Updated 2 months ago.

Status:
New
Priority:
Normal
Assignee:
Category:
OpenVPN Client Export
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Plus Target Version:

Description

Currently when crafting a PKCS#12 archive the OpenVPN Client Export package does not set a specific encryption algorithm, so it ends up using the current default in OpenSSL 1.1.1 which is RC2. OpenSSL 3.0 is dropping support for RC2, and given its weakness we should be exporting using something stronger anyhow.

The package should set AES-256 by passing -certpbe AES-256-CBC -keypbe AES-256-CBC when creating the PKCS#12 file, perhaps with an option to omit them so it uses the old algorithms for legacy clients.

Actions #1

Updated by Jim Pingle 2 months ago

  • Description updated (diff)
Actions

Also available in: Atom PDF