Hello Adolf,
Thank you very much for testing.
I believe that I might have a small regression from OpenSSL 3.2.0 - at least I think it is that:
https://bugzilla.ipfire.org/show_bug.cgi?id=13527
Apache won’t start if a system has been upgraded for a long time and is using an older RSA key.
I could not find any indication in the change log of OpenSSL, but since we did not touch Apache itself in this update, I cannot come up with any other idea.
Since we are already using ECDSA keys as well as RSA keys, how about dropping the RSA keys altogether to solve this problem?
-Michael
On 16 Jan 2024, at 14:18, Adolf Belka <adolf.belka@ipfire.org> wrote:
Hi All,
At the last video call we agreed to test out openvpn and ipsec with the openssl-3.2.0 version that is in next.
I cloned a vm and updated it to unstable (CU183) and ran my existing openvpn connections on it that had been created with an older version of openssl-3.x. Everything worked without any problems.
I then created new connections with openssl-3.2.0 and tested them out. Again the connection was successfully made and I could access the remote green machine with no problems.
So for openvpn there look to be no issues with openssl-3.2.0 from my testing.
Regards, Adolf.
-- Sent from my laptop