path: root/Changes.rst
author Bernhard Schmidt <Bernhard.Schmidt@lrz.de> 2018-03-04 22:55:51 +0100
committer Bernhard Schmidt <Bernhard.Schmidt@lrz.de> 2018-03-04 22:55:51 +0100
commit 4afa7ed562410a1170223a7bc06efb3708af6a36 (patch)
tree b895b41b7629c9a31de5cc15e7aa7805ddac87ce /Changes.rst
parent a6daf938f5f616a4a67caa6580b0c99e9a8c3779 (diff)
New upstream version 2.4.5 upstream/2.4.5
Diffstat (limited to 'Changes.rst')
-rw-r--r-- Changes.rst 66
1 files changed, 62 insertions, 4 deletions
diff --git a/Changes.rst b/Changes.rst
index d5e12eb..4168d62 100644
--- a/Changes.rst
+++ b/Changes.rst
@@ -133,10 +133,6 @@ keying-material-exporter
Keying Material Exporter [RFC-5705] allow additional keying material to be
derived from existing TLS channel.
-Mac OS X Keychain management client
- Added contrib/keychain-mcd which allows to use Mac OS X keychain
- certificates with OpenVPN.
-
Android platform support
Support for running on Android using Android's VPNService API has been added.
See doc/android.txt for more details. This support is primarily used in
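Review bot: The "Mac OS X Keychain management client" entry is deleted from this earlier feature list with no explanation, and nothing in the new "Version 2.4.5" section or the commit message says why. A reader of the changelog cannot tell whether contrib/keychain-mcd was removed from the tree or was simply never part of this release line. Add one line to the 2.4.5 notes stating which it is, so that users who rely on keychain-stored certificates know whether their setup is affected.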
@@ -325,6 +321,68 @@ Maintainer-visible changes
i386/i686 builds on RHEL5.
+Version 2.4.5
+=============
+This is primarily a maintenance release, with further improved OpenSSL 1.1
+integration, several minor bug fixes and other minor improvements.
+
+
+New features
+------------
+- The new option ``--tls-cert-profile`` can be used to restrict the set of
+ allowed crypto algorithms in TLS certificates in mbed TLS builds. The
+ default profile is 'legacy' for now, which allows SHA1+, RSA-1024+ and any
+ elliptic curve certificates. The default will be changed to the 'preferred'
+ profile in the future, which requires SHA2+, RSA-2048+ and any curve.
+
+- make CryptoAPI support (Windows) compatible with OpenSSL 1.1 builds
+
+- TLS v1.2 support for cryptoapicert (on Windows) -- RSA only
+
+- openvpnserv: Add support for multi-instances (to support multiple
+ parallel OpenVPN installations, like EduVPN and regular OpenVPN)
+
+- Use P_DATA_V2 for server->client packets too (better packet alignment)
+
+- improve management interface documentation
+
+- rework registry key handling for OpenVPN service, notably making most
+ registry values optional, falling back to reasonable defaults
+
+- accept IPv6 address for pushed "dhcp-option DNS ..."
+ (make OpenVPN 2 option compatible with OpenVPN 3 iOS and Android clients)
+
+
+Bug fixes
+---------
+- Fix --tls-version-min and --tls-version-max for OpenSSL 1.1+
+
+- Fix lots of compiler warnings (format string, type casts, ...)
+
+- Fix --redirect-gateway route installation on Windows systems that have
+ multiple interfaces into the same network (e.g. Wifi and wired LAN).
+
+- Fix IPv6 interface route cleanup on Windows
+
+- reload HTTP proxy credentials when moving to the next connection profile
+
+- Fix build with LibreSSL (multiple times)
+
+- Remove non-useful warning on pushed tun-ipv6 option.
+
+- fix building with MSVC due to incompatible C constructs
+
+- autoconf: Fix engine checks for openssl 1.1
+
+- lz4: Rebase compat-lz4 against upstream v1.7.5
+
+- lz4: Fix broken builds when pkg-config is not present but system library is
+
+- Fix '--bind ipv6only'
+
+- Allow learning iroutes with network made up of all 0s
+
+
Version 2.4.4
=============
This is primarily a maintenance release, with further improved OpenSSL 1.1
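Review bot: The ``--tls-cert-profile`` entry under "New features" says the default stays 'legacy' (SHA1+, RSA-1024+) and that 'preferred' will become the default later, but it never shows how to select the stricter profile today. Add the invocation, for example "``--tls-cert-profile preferred``", and state that the option applies to mbed TLS builds only, so OpenSSL users do not assume they are covered. Two style points in the same hunk: the opening sentence of the 2.4.5 section is word for word the same as the 2.4.4 intro that follows, and option names are marked up with double backticks in one entry but left bare or single-quoted elsewhere ("--tls-version-min", "'--bind ipv6only'"), with list items mixing "Fix" and "fix". Pick one markup and one capitalisation for the whole section.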