From mboxrd@z Thu Jan 1 00:00:00 1970 From: Michael Tremer To: development@lists.ipfire.org Subject: Re: [PATCH] OpenVPN: Delete 1024 bit DH-parameter from menu Date: Tue, 19 Jun 2018 14:03:19 +0100 Message-ID: <8bb086ce31c86c409ffa6495a0f9218ff9d92d7f.camel@ipfire.org> In-Reply-To: <1529409524.2488.5.camel@ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============6899651311278213581==" List-Id: --===============6899651311278213581== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 8bit We need to *warn* people about these changes in advance. And we need to have a visual indicator that some action is required here to replace the DH params then. We cannot break things and expect people to find something in the log files. Can we do that and automatically generate a 2k DH params for them? Would the clients notice that this has changed? Best, -Michael On Tue, 2018-06-19 at 13:58 +0200, ummeegge wrote: > Hi Michael, > the connections won´t start for this systems and the logs should > display an appropriate error, in that case they will need to recreate > it which is possible over the WUI. > After the update to Core 120 only a few people wrote about that problem > possibly because mostly people do use already 2048 bit. > > Erik > > Am Dienstag, den 19.06.2018, 11:31 +0100 schrieb Michael Tremer: > > Hello, > > > > this patch is fine, but what do we do with systems that already have > > a key > > generated with that size? > > > > -Michael > > > > On Mon, 2018-06-18 at 19:16 +0200, Erik Kapfer wrote: > > --===============6899651311278213581==--