Configure OpenSSL while Building #257

Open
Emrehan opened this issue Jun 8, 2022 · 9 comments

Comments

@Emrehan

Emrehan commented Jun 8, 2022

Hi,

Is it possible to add a config file to the OpenSSL that is used by OpenVPN? I want to change the supported ciphers and remove weak ones. I know I can use parameters like --cipher, but I want to change the "Client Hello" message in the Wireshark capture.

@cron2
Collaborator

cron2 commented Jun 8, 2022 via email

@Emrehan
Author

Emrehan commented Jun 9, 2022

Hi,

Thanks for your answer. It solved most of my problems. I can change ciphers with --tls-cipher and --tls-ciphersuites and I can change cipher & signature algorithms with --tls-cert-profile.

--tls-cert-profile suiteb removes more than I want,
and --tls-cert-profile preferred has 3 more signature algorithms that I want to remove.

Is there any way to remove a signature algorithm (digest)?

@lstipakov
Member

You could put your OpenSSL config file to C:\Program Files\OpenVPN\ssl\openssl.cnf - this will be used by OpenVPN at OpenSSL initialization.

@Emrehan
Author

Emrehan commented Jun 10, 2022

I do not actually install OpenVPN. I use an exe file that is located in my project file. Will it still work if I put a config file in the same directory?

@lstipakov
Member

It should work with the latest releases.

@Emrehan
Author

Emrehan commented Jun 10, 2022

I'm using version 2.4.11; how can I check whether it is supported or not?

@cron2
Collaborator

cron2 commented Jun 10, 2022 via email

@flyhigao

flyhigao commented Sep 8, 2022

Same requirement here. @Emrehan, how did you solve this?

@Emrehan
Author

Emrehan commented Sep 8, 2022

> same require here. @Emrehan how do you solve this?

Hey

If you use a newer version of OpenVPN, you can just add an openssl.conf file. There are lots of examples of it on the internet.

If not, the

--tls-ciphersuites
--tls-cipher
--tls-cert-profile

options should fix most of the cases. However, if you want more control over it, I rebuilt OpenVPN by changing the source code. I added some lines to use the openssl library in the openvpn source code. You can follow this option to see how it works (--tls-cert-profile).

Hope it helps
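
An OpenSSL configuration file of the kind discussed in this thread, added here as an example; it is not taken from any participant or from the OpenVPN project. It assumes OpenSSL 1.1.1 or later and an OpenVPN build that loads the file at OpenSSL initialization; the section names and the cipher and signature-algorithm lists are constructed sample choices.

```ini
# Constructed example openssl.cnf (sample values, adjust to your policy).
# The top-level key points OpenSSL at the section to process at init.
openssl_conf = openssl_init

[openssl_init]
# Hypothetical section names; only the key "ssl_conf" is fixed by OpenSSL.
ssl_conf = ssl_sect

[ssl_sect]
# "system_default" is applied to every SSL_CTX the process creates.
system_default = system_default_sect

[system_default_sect]
# Signature algorithms offered in the Client Hello, in preference order.
# Anything not listed (for example SHA-1 or SHA-224 based entries) is no
# longer advertised.
SignatureAlgorithms = ECDSA+SHA256:ECDSA+SHA384:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA+SHA256:RSA+SHA384

# TLS 1.2 and below cipher list (same syntax as "openssl ciphers").
CipherString = ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!eNULL

# TLS 1.3 ciphersuites are configured separately from CipherString.
Ciphersuites = TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
```

These are process-wide defaults: anything the application sets on its own TLS context afterwards takes precedence over them. The effective list can be confirmed in the signature_algorithms extension of the Client Hello in a capture.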
