)]}'
{"/COMMIT_MSG":[{"author":{"_account_id":1000001,"name":"flichtenheld","display_name":"Frank Lichtenheld","email":"frank@lichtenheld.com","username":"flichtenheld","status":"OpenVPN Inc."},"change_message_id":"e0b27b0f4ed7aa22c6b90f27fb787486fef12597","unresolved":true,"context_lines":[{"line_number":7,"context_line":"Extend the error message when TLS 1.0 PRF fails"},{"line_number":8,"context_line":""},{"line_number":9,"context_line":"This error will probably become more and more common in the future when"},{"line_number":10,"context_line":"more and more system will drop TLS 1.0 PRF support. We are already seeing"},{"line_number":11,"context_line":"people stumbling upon this (see GitHub issue #460)"},{"line_number":12,"context_line":""},{"line_number":13,"context_line":"The current error messages"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":5,"id":"608abdb9_ecbe54f9","line":10,"updated":"2023-12-01 11:11:21.000000000","message":"\"systems\"","commit_id":"2d04a96c0084d094b53cedde9ce4103db9ac818c"},{"author":{"_account_id":1000001,"name":"flichtenheld","display_name":"Frank Lichtenheld","email":"frank@lichtenheld.com","username":"flichtenheld","status":"OpenVPN Inc."},"change_message_id":"e74c297af109333e9c72950a29451d7aa63f16ae","unresolved":false,"context_lines":[{"line_number":7,"context_line":"Extend the error message when TLS 1.0 PRF fails"},{"line_number":8,"context_line":""},{"line_number":9,"context_line":"This error will probably become more and more common in the future when"},{"line_number":10,"context_line":"more and more system will drop TLS 1.0 PRF support. We are already seeing"},{"line_number":11,"context_line":"people stumbling upon this (see GitHub issue #460)"},{"line_number":12,"context_line":""},{"line_number":13,"context_line":"The current error messages"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":5,"id":"885ae8f3_12d97924","line":10,"in_reply_to":"608abdb9_ecbe54f9","updated":"2023-12-13 10:52:24.000000000","message":"Done","commit_id":"2d04a96c0084d094b53cedde9ce4103db9ac818c"},{"author":{"_account_id":1000001,"name":"flichtenheld","display_name":"Frank Lichtenheld","email":"frank@lichtenheld.com","username":"flichtenheld","status":"OpenVPN Inc."},"change_message_id":"e0b27b0f4ed7aa22c6b90f27fb787486fef12597","unresolved":true,"context_lines":[{"line_number":16,"context_line":"  TLS Error: generate_key_expansion failed"},{"line_number":17,"context_line":""},{"line_number":18,"context_line":"are not very helpful for people that do not have deep understanding of TLS or"},{"line_number":19,"context_line":"the OpenVPN protocol. Improve a on this message to give a normal user a chance"},{"line_number":20,"context_line":"to understand that the peer needs to be OpenVPN 2.6.x or newer."},{"line_number":21,"context_line":""},{"line_number":22,"context_line":"Change-Id: Ib3b64b52beed69dc7740f191b0e9a9dc9af5b7f3"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":5,"id":"96b73433_b71bae49","line":19,"updated":"2023-12-01 11:11:21.000000000","message":"Remove \"a on\"","commit_id":"2d04a96c0084d094b53cedde9ce4103db9ac818c"},{"author":{"_account_id":1000001,"name":"flichtenheld","display_name":"Frank Lichtenheld","email":"frank@lichtenheld.com","username":"flichtenheld","status":"OpenVPN Inc."},"change_message_id":"e74c297af109333e9c72950a29451d7aa63f16ae","unresolved":false,"context_lines":[{"line_number":16,"context_line":"  TLS Error: generate_key_expansion failed"},{"line_number":17,"context_line":""},{"line_number":18,"context_line":"are not very helpful for people that do not have deep understanding of TLS or"},{"line_number":19,"context_line":"the OpenVPN protocol. Improve a on this message to give a normal user a chance"},{"line_number":20,"context_line":"to understand that the peer needs to be OpenVPN 2.6.x or newer."},{"line_number":21,"context_line":""},{"line_number":22,"context_line":"Change-Id: Ib3b64b52beed69dc7740f191b0e9a9dc9af5b7f3"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":5,"id":"4bd01855_a7144a45","line":19,"in_reply_to":"96b73433_b71bae49","updated":"2023-12-13 10:52:24.000000000","message":"Done","commit_id":"2d04a96c0084d094b53cedde9ce4103db9ac818c"}],"/PATCHSET_LEVEL":[{"author":{"_account_id":1000001,"name":"flichtenheld","display_name":"Frank Lichtenheld","email":"frank@lichtenheld.com","username":"flichtenheld","status":"OpenVPN Inc."},"change_message_id":"e0b27b0f4ed7aa22c6b90f27fb787486fef12597","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":6,"id":"4a698ed1_22af9315","updated":"2023-12-01 11:11:21.000000000","message":"Isn\u0027t this made redundant by https://gerrit.openvpn.net/c/openvpn/+/460?","commit_id":"8ec7c68d2a054b724fd4210059692ceba9e3495c"},{"author":{"_account_id":1000001,"name":"flichtenheld","display_name":"Frank Lichtenheld","email":"frank@lichtenheld.com","username":"flichtenheld","status":"OpenVPN Inc."},"change_message_id":"2e86db42f659c4135d6bb13e9e7afbc554be22e6","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":6,"id":"b4706658_63c0b394","in_reply_to":"02fe96d3_1ef979cc","updated":"2023-12-08 11:05:51.000000000","message":"Acknowledged","commit_id":"8ec7c68d2a054b724fd4210059692ceba9e3495c"},{"author":{"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"},"change_message_id":"17aad33097614ec1afe2850be11fc1bb7dce4db3","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":6,"id":"7599e13a_11478a5a","in_reply_to":"4a698ed1_22af9315","updated":"2023-12-01 12:12:01.000000000","message":"In theory yes. With the other change you get a warning on startup and with this the actual error when you connect to a peer is been improved to point out that this is a peer that is missing the TLS export functionality. I can also squash the two into one.","commit_id":"8ec7c68d2a054b724fd4210059692ceba9e3495c"},{"author":{"_account_id":1000001,"name":"flichtenheld","display_name":"Frank Lichtenheld","email":"frank@lichtenheld.com","username":"flichtenheld","status":"OpenVPN Inc."},"change_message_id":"54216320179d0ac182faff69b2730092faf208fe","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":6,"id":"fc3d299f_ef14c777","in_reply_to":"7599e13a_11478a5a","updated":"2023-12-07 10:50:43.000000000","message":"So on a server it should not be possible to hit this error anymore after #460, because it will already rejected the client, right? But on a client/p2p peer it would still be possible to hit this error?","commit_id":"8ec7c68d2a054b724fd4210059692ceba9e3495c"},{"author":{"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"},"change_message_id":"b0df7ec98efedfd63c6545c0eb9027a5faa0cce3","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":6,"id":"02fe96d3_1ef979cc","in_reply_to":"fc3d299f_ef14c777","updated":"2023-12-07 18:23:41.000000000","message":"Correct.","commit_id":"8ec7c68d2a054b724fd4210059692ceba9e3495c"},{"author":{"_account_id":1000001,"name":"flichtenheld","display_name":"Frank Lichtenheld","email":"frank@lichtenheld.com","username":"flichtenheld","status":"OpenVPN Inc."},"change_message_id":"2e86db42f659c4135d6bb13e9e7afbc554be22e6","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":7,"id":"81809a9f_395fa6bf","updated":"2023-12-08 11:05:51.000000000","message":"Typos can be fixed on submission.","commit_id":"ddb0cfddb3e34336bcf8225ac1864d00219f7f62"}],"src/openvpn/ssl.c":[{"author":{"_account_id":1000001,"name":"flichtenheld","display_name":"Frank Lichtenheld","email":"frank@lichtenheld.com","username":"flichtenheld","status":"OpenVPN Inc."},"change_message_id":"3185f5b8ddf8a9853828028f39424b2b804750a8","unresolved":true,"context_lines":[{"line_number":1643,"context_line":"        {"},{"line_number":1644,"context_line":"            msg(D_TLS_ERRORS, \"TLS Error: PRF calculation failed. Your system \""},{"line_number":1645,"context_line":"                \"might not support the old TLS 1.0 PRF calculation anymore or \""},{"line_number":1646,"context_line":"                \"the policy does not allow TLS1 PRF calculation anymore \""},{"line_number":1647,"context_line":"                \"(e.g. running in FIPS mode). The peer did not announce support \""},{"line_number":1648,"context_line":"                \"for the modern TLS Export feature that replaces the TLS 1.0\""},{"line_number":1649,"context_line":"                \"RPF (requires OpenVPN 2.6.x or higher)\");"}],"source_content_type":"text/x-csrc","patch_set":4,"id":"ee1b4057_5f8e6e92","line":1646,"updated":"2023-11-28 11:10:36.000000000","message":"replace repeated \"TLS1 PRF calculation anymore\" by \"it\". Not wrong, but clunky.","commit_id":"274ab5ab12d2317e626b32e2d040a5ca539e65f1"},{"author":{"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"},"change_message_id":"23b80c83186a1c701da9356a6d0a0ae8a69ef273","unresolved":false,"context_lines":[{"line_number":1643,"context_line":"        {"},{"line_number":1644,"context_line":"            msg(D_TLS_ERRORS, \"TLS Error: PRF calculation failed. Your system \""},{"line_number":1645,"context_line":"                \"might not support the old TLS 1.0 PRF calculation anymore or \""},{"line_number":1646,"context_line":"                \"the policy does not allow TLS1 PRF calculation anymore \""},{"line_number":1647,"context_line":"                \"(e.g. running in FIPS mode). The peer did not announce support \""},{"line_number":1648,"context_line":"                \"for the modern TLS Export feature that replaces the TLS 1.0\""},{"line_number":1649,"context_line":"                \"RPF (requires OpenVPN 2.6.x or higher)\");"}],"source_content_type":"text/x-csrc","patch_set":4,"id":"0ec7b701_2ff8abba","line":1646,"in_reply_to":"ee1b4057_5f8e6e92","updated":"2023-11-28 13:39:16.000000000","message":"Done","commit_id":"274ab5ab12d2317e626b32e2d040a5ca539e65f1"},{"author":{"_account_id":1000001,"name":"flichtenheld","display_name":"Frank Lichtenheld","email":"frank@lichtenheld.com","username":"flichtenheld","status":"OpenVPN Inc."},"change_message_id":"3185f5b8ddf8a9853828028f39424b2b804750a8","unresolved":true,"context_lines":[{"line_number":1646,"context_line":"                \"the policy does not allow TLS1 PRF calculation anymore \""},{"line_number":1647,"context_line":"                \"(e.g. running in FIPS mode). The peer did not announce support \""},{"line_number":1648,"context_line":"                \"for the modern TLS Export feature that replaces the TLS 1.0\""},{"line_number":1649,"context_line":"                \"RPF (requires OpenVPN 2.6.x or higher)\");"},{"line_number":1650,"context_line":"            goto exit;"},{"line_number":1651,"context_line":"        }"},{"line_number":1652,"context_line":"    }"}],"source_content_type":"text/x-csrc","patch_set":4,"id":"7513ecb6_37390f4b","line":1649,"updated":"2023-11-28 11:10:36.000000000","message":"\"PRF\"","commit_id":"274ab5ab12d2317e626b32e2d040a5ca539e65f1"},{"author":{"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"},"change_message_id":"23b80c83186a1c701da9356a6d0a0ae8a69ef273","unresolved":false,"context_lines":[{"line_number":1646,"context_line":"                \"the policy does not allow TLS1 PRF calculation anymore \""},{"line_number":1647,"context_line":"                \"(e.g. running in FIPS mode). The peer did not announce support \""},{"line_number":1648,"context_line":"                \"for the modern TLS Export feature that replaces the TLS 1.0\""},{"line_number":1649,"context_line":"                \"RPF (requires OpenVPN 2.6.x or higher)\");"},{"line_number":1650,"context_line":"            goto exit;"},{"line_number":1651,"context_line":"        }"},{"line_number":1652,"context_line":"    }"}],"source_content_type":"text/x-csrc","patch_set":4,"id":"1da24bd3_cadab853","line":1649,"in_reply_to":"7513ecb6_37390f4b","updated":"2023-11-28 13:39:16.000000000","message":"Done","commit_id":"274ab5ab12d2317e626b32e2d040a5ca539e65f1"}]}