search

OpenVPN / easy-rsa

easy-rsa - Simple shell based CA utility
Other
4k stars 1.19k forks source link

export-p12, OpenSSL v1.x: Upgrade PBE and MAC options #1083

Closed TinCanTech closed 6 months ago

TinCanTech commented 6 months ago

OpenSSL v1.x defaults for 'pkcs12' files uses 'legacy' cryptography:

OpenSSL v1.x settings are no longer considered to be secure.

OpenSSL v3.x defaults for 'pkcs12' files are:

EasyRSA will now use OpenSSL v3.x cryptography for command 'export-p12' when using OpenSSL v1.x

Use of EasyRSA command option 'legacy' will revert to the old behavior.

TinCanTech commented 6 months ago

Based-on: #1081

TinCanTech commented 6 months ago

Superseded-by: #1084