File: README.mbedtls

openvpn 2.7.0~rc2-2
This version of OpenVPN has mbed TLS support. To enable, follow the
instructions below:

To build and install:

	./configure --with-crypto-library=mbedtls
	make
	make install

This version requires mbed TLS version >= 2.0.0 or >= 3.2.1.

*************************************************************************

Due to limitations in the mbed TLS library, the following features are missing
in the mbed TLS version of OpenVPN:

 * PKCS#12 file support
 * --capath support - Loading certificate authorities from a directory
 * Windows CryptoAPI support
 * X.509 alternative username fields (must be "CN")

Plugin/Script features:

 * X.509 subject line has a different format than the OpenSSL subject line
 * X.509 certificate tracking

*************************************************************************

Mbed TLS 3 has implemented TLS 1.3, but support in OpenVPN requires the
function mbedtls_ssl_export_keying_material() which is currently not in
any released version. It is available when building mbed TLS from source
(mbedtls-3.6 or development branch).

Without this function, only TLS 1.2 is available.
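
The missing-feature list and the TLS 1.3 note above can be turned into a pre-deployment check on a configuration file. The following is an added example, not part of the OpenVPN README or source: it assumes the listed features correspond to the OpenVPN directives pkcs12, capath, cryptoapicert, x509-track, x509-username-field and tls-version-min, and the function name, its tls13_available parameter and the sample configuration are constructed for illustration.

```python
# Added example: flag config directives that rely on features the README lists
# as missing in mbed TLS builds. The directive-to-feature mapping is assumed.
UNSUPPORTED = {
    "pkcs12": "PKCS#12 file support",
    "capath": "--capath support",
    "cryptoapicert": "Windows CryptoAPI support",
    "x509-track": "X.509 certificate tracking",
}

def check_config(text, tls13_available=False):
    """Return (line number, directive, reason) for each problem directive."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        tokens = []
        for tok in raw.split():
            if tok[0] in "#;":      # comment runs to the end of the line
                break
            tokens.append(tok)
        if not tokens or tokens[0].startswith("</"):
            continue                # blank, comment-only, or closing inline tag
        # Accept the "capath", "--capath" and inline "<pkcs12>" spellings.
        name = tokens[0].strip("<>").lstrip("-")
        args = tokens[1:]
        if name in UNSUPPORTED:
            findings.append((lineno, name, UNSUPPORTED[name]))
        elif name == "x509-username-field" and any(a != "CN" for a in args):
            findings.append((lineno, name, 'username field must be "CN"'))
        elif name == "tls-version-min" and args[:1] == ["1.3"] and not tls13_available:
            findings.append((lineno, name, "only TLS 1.2 is available"))
    return findings

# Constructed sample configuration, not taken from a real deployment.
SAMPLE = """\
# constructed sample
capath /etc/openvpn/ca.d
<pkcs12>
AAAA
</pkcs12>
x509-username-field emailAddress  # inline comment
x509-username-field CN
x509-track +O
--cryptoapicert "SUBJ:Example User"
tls-version-min 1.3
"""

if __name__ == "__main__":
    for lineno, name, reason in check_config(SAMPLE):
        print(f"line {lineno}: {name}: {reason}")
```

Pass tls13_available=True when mbed TLS was built from a source tree that provides mbedtls_ssl_export_keying_material().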