Hi Michael,

On Tuesday, 19.06.2018, 14:03 +0100, Michael Tremer wrote:
> We need to *warn* people about these changes in advance.

This would be best suited but I didn't realize that OpenVPN-2.4x does not accept 1024 bit anymore. All testers seem to have overlooked this too and the OpenVPN change log didn't point it out clearly...

> And we need to
> have a visual indicator that some action is required here to replace
> the DH params then.

Started to make a $problemmessage section where we can also put some other potential or real problems like e.g. a check for 'no MD5 for signature anymore', 'Soon needed RFC3280 compliance for the certificates'. There is surely more... Good idea?

>
> We cannot break things and expect people to find something in the log
> files.

As written above, it should then be displayed above the main settings section like $errormessage.

>
> Can we do that and automatically generate a 2k DH params for them?
> Would the clients notice that this has changed?

Except for a slightly longer handshake time, the clients won't realize this since the DH parameter only takes place on the server side. Should we do an automatic DH generation of 2k via update.sh with the next update?

Best,

Erik

>
> Best,
> -Michael
>
> On Tue, 2018-06-19 at 13:58 +0200, ummeegge wrote:
> >
> > Hi Michael,
> > the connections won't start for these systems and the logs should
> > display an appropriate error, in that case they will need to recreate
> > it which is possible over the WUI.
> > After the update to Core 120 only a few people wrote about that problem
> > possibly because most people already use 2048 bit.
> >
> > Erik
> >
> > On Tuesday, 19.06.2018, 11:31 +0100, Michael Tremer wrote:
> > >
> > > Hello,
> > >
> > > this patch is fine, but what do we do with systems that already have
> > > a key
> > > generated with that size?
> > >
> > > -Michael
> > >
> > > On Mon, 2018-06-18 at 19:16 +0200, Erik Kapfer wrote:
> >
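
The check-and-regenerate step discussed in the thread, sketched as an added example that is not part of the original messages and is not IPFire code. The function names and the file path passed in are hypothetical; only the `openssl dhparam` calls are real.

```shell
#!/bin/sh
# Added example: helper names are hypothetical, not taken from update.sh.
# Usage (path is a placeholder): upgrade_dh_file /path/to/dh.pem

MIN_DH_BITS=2048

# Read `openssl dhparam -text` output on stdin and print the bit length.
# Tolerates a prefix before "DH Parameters", e.g. "PKCS#3 DH Parameters".
dh_bits_from_text() {
    sed -n 's/.*DH Parameters: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1
}

# Succeed (return 0) when the numeric bit length is below the minimum.
dh_is_weak() {
    [ "$1" -lt "$MIN_DH_BITS" ]
}

# Print the bit length of a PEM DH parameter file; prints nothing if the
# file is missing or cannot be parsed.
dh_bits_of_file() {
    openssl dhparam -in "$1" -noout -text 2>/dev/null | dh_bits_from_text
}

# Regenerate weak parameters. The new file is written next to the old one
# and moved into place only on success, so a failed or interrupted run
# leaves the existing parameters untouched. The old file is kept as .bak.
upgrade_dh_file() {
    file=$1
    bits=$(dh_bits_of_file "$file")
    if [ -z "$bits" ]; then
        echo "error: cannot read DH parameters from $file" >&2
        return 2
    fi
    if ! dh_is_weak "$bits"; then
        echo "ok: $file already has $bits bit parameters"
        return 0
    fi
    echo "weak: $file has $bits bit parameters, generating $MIN_DH_BITS bit"
    tmp="$file.new.$$"
    if openssl dhparam -out "$tmp" "$MIN_DH_BITS" 2>/dev/null; then
        cp -p "$file" "$file.bak" && mv "$tmp" "$file"
    else
        rm -f "$tmp"
        echo "error: generation failed, $file left unchanged" >&2
        return 1
    fi
}
```

Generating 2048 bit parameters can take minutes on small hardware, so an update script would need to run this in the background or tell the user why it is waiting.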