- Update to 2.6.4:
  * DCO: support kernel-triggered key rotation (avoid IV reuse after 
    2^32 packets). This is the userland side, accepting a message
    from kernel, and initiating a TLS renegotiation. As of release,
  * fix pkcs#11 usage with OpenSSL 3.x and PSS signing (Github #323)
  * fix compile error on TARGET_ANDROID
  * fix typo in help text
  * manpage updates (--topology)
  * encoding of non-ASCII windows error messages in log + management fixed
- Update openvpn.keyring

- update to 2.6.3:
  * For full changelog please refer to:
    https://github.com/OpenVPN/openvpn/blob/v2.6.3/Changes.rst
  * implement byte counter statistics for DCO Linux (p2mp server
    and client)
  * implement byte counter statistics for DCO Windows (client only)
  * '--dns server <n> address ...' now permits up to 8 v4 or v6
    addresses
  * fix a few cases of possibly undefined behaviour detected by ASAN
  * add more unit tests for Windows cryptoapi interface
  * Dynamic TLS Crypt When both peers are OpenVPN 2.6.1+, OpenVPN
    will dynamically create a tls-crypt key that is used for
    renegotiation. This ensure that only the previously authenticated
    peer can do trigger renegotiation and complete renegotiations.
  * Keying Material Exporters (RFC 5705) based key generation
  * As part of the cipher negotiation OpenVPN will automatically prefer
    the RFC5705 based key material generation to the current custom
    OpenVPN PRF. This feature requires OpenSSL or mbed TLS 2.18+.
  * OpenVPN will now work with OpenSSL in FIPS mode. Note, no effort

• Files Changed
• Browse Source