This is an automated email from the git hooks/post-receive script.
pbokoc pushed a commit to branch f26
in repository release-notes.
commit 76126e8d5d33c3c4a90c82e87e7286a95e75cf44
Author: Petr Bokoc <pbokoc(a)redhat.com>
Date: Mon Jul 10 15:47:52 2017 +0200
Add issue 36 - OpenVPN
---
en-US/Networking.xml | 19 +++++++++++++++++++
1 file changed, 19 insertions(+)
diff --git a/en-US/Networking.xml b/en-US/Networking.xml
index 9fdc23a..e770827 100644
--- a/en-US/Networking.xml
+++ b/en-US/Networking.xml
@@ -7,4 +7,23 @@
<section id="sect-networking">
<title>Networking</title>
<para />
+ <section id="sect-networking-openvpn">
+ <title>OpenVPN Rebased to Version 2.4.3</title>
+ <para>
+ <application>OpenVPN</application> has been rebased to version 2.4.3.
This update adds many improvements, notably improved elliptic curve cryptography support
(<systemitem>ECDH</systemitem>), support for
<systemitem>AES-GCM</systemitem>, and additional encryption layer of the
control channel (the <option>--tls-crypt</option> option), and a type of
cipher negotiation which allows for gradually upgrading client ciphers to stronger ones
without significant added complexity. Additional [...]
+ </para>
+ <para>
+ For a full list of changes in this version, see the <ulink
url="https://github.com/OpenVPN/openvpn/blob/v2.4.3/Changes.rst"...
changelog on GitHub</ulink>.
+ </para>
+ <para>
+ Overall integration with <application>systemd</application> has also
improved, and systemd can now better manage OpenVPN processes. This update ships with
brand new systemd unit files, which add additional security hardening. These new unit
files are preferred over the old <filename>openvpn@.service</filename> file.
The same unit files are used in other Linux distributions which use systemd, ensuring a
more consistent behavior and usage between different systemd-based systems. See [...]
+ </para>
+ <bridgehead renderas="sect3">Additional Notes</bridgehead>
+ <para>
+ In other changes, Certificate Revocation List
(<systemitem>CRL</systemitem>) checking is now done by
<command>SSL</command> libraries directly. These libraries have a far more
strict acceptance policy than the approach previously used in OpenVPN. For example, if
your CRL file has expired, this will have an impact on every user, regardless of whether
their certificates are revoked or not.
+ </para>
+ <para>
+ Additionally, OpenVPN in Fedora 26 currently use the
<package>compat-openssl10</package> and
<package>compat-openssl10-pkcs11-helper</package> compatibility packages,
which are considered to be a workaround until more thorough testing can be done on OpenSSL
1.1, which has only been introduced in OpenVPN recently. In a later update, the OpenVPN
package is expected to be upgraded to make use of the newer
<package>openssl-1.1</package> library.
+ </para>
+ </section>
</section>
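Review bot: In the CRL paragraph under "Additional Notes", the sentence "this will have an impact on every user" does not say what the impact is or what an administrator should do about it. State the concrete consequence of an expired CRL file and advise regenerating the CRL before it expires. In the same paragraph, <command>SSL</command> marks up a family of libraries as a command; plain text or <systemitem>, as used for ECDH and AES-GCM in the first paragraph, would be consistent. Two wording slips: "and additional encryption layer of the control channel" should read "an additional encryption layer", and "OpenVPN in Fedora 26 currently use" should be "currently uses".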