Hello Adolf,

Thank you very much for testing.

I believe that I might have a small regression from OpenSSL 3.2.0 - at least I think it is that:

  https://bugzilla.ipfire.org/show_bug.cgi?id=13527

Apache won’t start if a system has been upgraded for a long time and is using an older RSA key.

I could not find any indication in the change log of OpenSSL, but since we did not touch Apache itself in this update, I cannot come up with any other idea.

Since we are already using ECDSA keys as well as RSA keys, how about dropping the RSA keys altogether to solve this problem?

-Michael

> On 16 Jan 2024, at 14:18, Adolf Belka <adolf.belka(a)ipfire.org> wrote:
> 
> Hi All,
> 
> At the last video call we agreed to test out openvpn and ipsec with the openssl-3.2.0 version that is in next.
> 
> I cloned a vm and updated it to unstable (CU183) and ran my existing openvpn connections on it that had been created with an older version of openssl-3.x. Everything worked without any problems.
> 
> I then created new connections with openssl-3.2.0 and tested them out. Again the connection was successfully made and I could access the remote green machine with no problems.
> 
> So for openvpn there looks to be no issues with openssl-3.2.0 from my testing.
> 
> Regards,
> Adolf.
> 
> -- 
> Sent from my laptop
>