[openssl-users] openvpn 2.4.1 with gost

R.S dovdir at mail.ru
Tue Apr 18 09:16:38 UTC 2017


Hello.
I have just built openvpn with openvpn-build, using these versions:
OPENSSL_VERSION="${OPENSSL_VERSION:-1.0.2k}"
PKCS11_HELPER_VERSION="${PKCS11_HELPER_VERSION:-1.11}"
LZO_VERSION="${LZO_VERSION:-2.10}"
TAP_WINDOWS_VERSION="${TAP_WINDOWS_VERSION:-9.21.2}"
OPENVPN_VERSION="${OPENVPN_VERSION:-2.4.1}"
OPENVPN_GUI_VERSION="${OPENVPN_GUI_VERSION:-11}"

Compilation succeeded, no problem.
I modified openssl.cnf to include the gost engine:
openssl_conf = openssl_def 
[ openssl_def ]                
engines = engine_section
[ engine_section ]
gost = gost_section
[gost_section]
default_algorithms=ALL
engine_id=gost 

openssl ciphers | tr ":" "\n" | grep GOST
GOST2001-GOST89-GOST89
GOST94-GOST89-GOST89

openssl list-message-digest-algorithms | grep gost
gost-mac
md_gost94
gost-mac
md_gost94

openssl shows me GOST.

------
gost-server.ovpn
-----
dev tap
engine gost
auth gost-mac
cipher gost89
tls-cipher GOST2001-GOST89-GOST89
#comp-lzo yes
ca ca.crt
cert server.crt
key server.key
dh    dhparam.pem
server 10.0.0.0 255.255.255.0
keepalive 10 120
proto tcp
socket-flags TCP_NODELAY
persist-key
persist-tun

openvpn gost-server.ovpn tells me:
-- Initializing OpenSSL support for engine 'gost'
-- Deprecated TLS cipher name 'GOST2001-GOST89-GOST89', please use IANA name 'TLS_GOSTR341001_WITH_28147_CNT_IMIT'
-- OpenSSL: error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match
-- Failed to set restricted TLS cipher list: GOST2001-GOST89-GOST89
-- Exiting due to fatal error

Please help with this problem.