)]}'
{"id":"openvpn~945","triplet_id":"openvpn~master~Ica02244c9f0ac9b4690a51f940fda9d900465289","project":"openvpn","branch":"master","attention_set":{},"removed_from_attention_set":{"1000003":{"account":{"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"},"last_update":"2025-05-19 09:52:24.000000000","reason":"Change was submitted"},"1000002":{"account":{"_account_id":1000002,"name":"cron2","display_name":"Gert Doering","email":"gert@greenie.muc.de","username":"cron2"},"last_update":"2025-05-18 22:02:29.000000000","reason":"removed on reply"},"1000001":{"account":{"_account_id":1000001,"name":"flichtenheld","display_name":"Frank Lichtenheld","email":"frank@lichtenheld.com","username":"flichtenheld","status":"OpenVPN Inc."},"last_update":"2025-05-19 09:52:24.000000000","reason":"Change was submitted"}},"hashtags":[],"change_id":"Ica02244c9f0ac9b4690a51f940fda9d900465289","subject":"Make --dh none behaviour default if not specified","status":"MERGED","created":"2025-04-23 10:55:23.000000000","updated":"2025-05-19 09:52:24.000000000","submitted":"2025-05-19 09:52:24.000000000","submitter":{"_account_id":1000002,"name":"cron2","display_name":"Gert Doering","email":"gert@greenie.muc.de","username":"cron2"},"total_comment_count":19,"unresolved_comment_count":0,"has_review_started":true,"submission_id":"945","meta_rev_id":"1c07b0f6517e687e62b52db9dfddf9ce135bbdc8","_number":945,"virtual_id_number":945,"owner":{"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"},"actions":{},"labels":{"Code-Review":{"all":[{"value":0,"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"},{"value":0,"_account_id":1000002,"name":"cron2","display_name":"Gert 
Doering","email":"gert@greenie.muc.de","username":"cron2"},{"value":0,"_account_id":1000001,"name":"flichtenheld","display_name":"Frank Lichtenheld","email":"frank@lichtenheld.com","username":"flichtenheld","status":"OpenVPN Inc."}],"values":{"-2":"This shall not be submitted","-1":"I would prefer this is not submitted as is"," 0":"No score","+1":"Looks good to me, but someone else must approve","+2":"Looks good to me, approved"},"default_value":0}},"removable_reviewers":[],"reviewers":{"REVIEWER":[{"_account_id":1000001,"name":"flichtenheld","display_name":"Frank Lichtenheld","email":"frank@lichtenheld.com","username":"flichtenheld","status":"OpenVPN Inc."},{"_account_id":1000002,"name":"cron2","display_name":"Gert Doering","email":"gert@greenie.muc.de","username":"cron2"},{"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"}],"CC":[{"_account_id":1000026,"name":"openvpn-devel","email":"openvpn-devel@lists.sourceforge.net","username":"openvpn-devel"}]},"pending_reviewers":{},"reviewer_updates":[{"updated":"2025-04-23 10:55:25.000000000","updated_by":{"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"},"reviewer":{"_account_id":1000026,"name":"openvpn-devel","email":"openvpn-devel@lists.sourceforge.net","username":"openvpn-devel"},"state":"CC"},{"updated":"2025-04-23 10:55:25.000000000","updated_by":{"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"},"reviewer":{"_account_id":1000001,"name":"flichtenheld","display_name":"Frank Lichtenheld","email":"frank@lichtenheld.com","username":"flichtenheld","status":"OpenVPN Inc."},"state":"REVIEWER"},{"updated":"2025-05-05 10:43:09.000000000","updated_by":{"_account_id":1000002,"name":"cron2","display_name":"Gert 
Doering","email":"gert@greenie.muc.de","username":"cron2"},"reviewer":{"_account_id":1000002,"name":"cron2","display_name":"Gert Doering","email":"gert@greenie.muc.de","username":"cron2"},"state":"REVIEWER"}],"messages":[{"id":"f7bf8679e24637a28de782e1abd8b67dbb11e781","tag":"autogenerated:gerrit:newPatchSet","author":{"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"},"date":"2025-04-23 10:55:23.000000000","message":"Uploaded patch set 1.","accounts_in_message":[],"_revision_number":1},{"id":"f488de7c6ec5bf87cf1439b6dfa9797699c5aeb8","author":{"_account_id":1000001,"name":"flichtenheld","display_name":"Frank Lichtenheld","email":"frank@lichtenheld.com","username":"flichtenheld","status":"OpenVPN Inc."},"date":"2025-04-23 11:06:25.000000000","message":"Patch Set 1: Code-Review-1\n\n(4 comments)","accounts_in_message":[],"_revision_number":1},{"id":"bf55dcbe207cba377e8e38f7672bcfeff4e883db","tag":"autogenerated:gerrit:newPatchSet","author":{"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"},"date":"2025-04-23 11:53:39.000000000","message":"Uploaded patch set 2.\n\nOutdated Votes:\n* Code-Review-1 (copy condition: \"changekind:NO_CHANGE OR changekind:TRIVIAL_REBASE OR is:MIN\")\n","accounts_in_message":[],"_revision_number":2},{"id":"c723bc77c9642669907dfa001c2ec6b74f0c31dc","author":{"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"},"date":"2025-04-24 11:20:03.000000000","message":"Patch Set 2:\n\n(2 comments)","accounts_in_message":[],"_revision_number":2},{"id":"559b0ce0243d1e96a5e245980e3562b85f49cbfa","author":{"_account_id":1000001,"name":"flichtenheld","display_name":"Frank Lichtenheld","email":"frank@lichtenheld.com","username":"flichtenheld","status":"OpenVPN Inc."},"date":"2025-04-25 11:39:02.000000000","message":"Patch Set 
2: Code-Review-1\n\n(6 comments)","accounts_in_message":[],"_revision_number":2},{"id":"b86fca1883981384fc263c2fb5a0ea756a038dab","author":{"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"},"date":"2025-04-29 21:04:21.000000000","message":"Patch Set 2: Code-Review-2\n\n(1 comment)","accounts_in_message":[],"_revision_number":2},{"id":"d3265f4f08e369d2d81b52e715c18a5081263429","tag":"autogenerated:gerrit:newPatchSet","author":{"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"},"date":"2025-05-02 12:54:43.000000000","message":"Uploaded patch set 3.\n\nCopied Votes:\n* Code-Review-2 (copy condition: \"changekind:NO_CHANGE OR changekind:TRIVIAL_REBASE OR **is:MIN**\")\n\nOutdated Votes:\n* Code-Review-1 (copy condition: \"changekind:NO_CHANGE OR changekind:TRIVIAL_REBASE OR is:MIN\")\n","accounts_in_message":[],"_revision_number":3},{"id":"907ba6ecdd1d17674fcad295dbf202c3781906a4","author":{"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"},"date":"2025-05-02 12:54:59.000000000","message":"Patch Set 3: -Code-Review","accounts_in_message":[],"_revision_number":3},{"id":"925d713049da3e5d3ffaf1f1432bfabc97a8384e","author":{"_account_id":1000001,"name":"flichtenheld","display_name":"Frank Lichtenheld","email":"frank@lichtenheld.com","username":"flichtenheld","status":"OpenVPN Inc."},"date":"2025-05-02 14:22:30.000000000","message":"Patch Set 3:\n\n(1 comment)","accounts_in_message":[],"_revision_number":3},{"id":"c947912e02eca0438eb44c578b7621ca41c9a556","author":{"_account_id":1000001,"name":"flichtenheld","display_name":"Frank Lichtenheld","email":"frank@lichtenheld.com","username":"flichtenheld","status":"OpenVPN Inc."},"date":"2025-05-02 14:23:31.000000000","message":"Patch Set 3:\n\n(1 
comment)","accounts_in_message":[],"_revision_number":3},{"id":"3c24e5ff09e3324d54ac04ec206630afcf62e998","author":{"_account_id":1000002,"name":"cron2","display_name":"Gert Doering","email":"gert@greenie.muc.de","username":"cron2"},"date":"2025-05-05 10:43:09.000000000","message":"Patch Set 3: Code-Review-1\n\n(2 comments)","accounts_in_message":[],"_revision_number":3},{"id":"c4eb4a4e1e00759908e3aa8dbffd110455a15bd9","author":{"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"},"date":"2025-05-18 20:43:49.000000000","message":"Patch Set 3:\n\n(2 comments)","accounts_in_message":[],"_revision_number":3},{"id":"09ea7c01fc4adfdf5125f12e0c7f78c2a0591a5b","tag":"autogenerated:gerrit:newPatchSet","author":{"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"},"date":"2025-05-18 20:44:24.000000000","message":"Uploaded patch set 4.\n\nOutdated Votes:\n* Code-Review-1 (copy condition: \"changekind:NO_CHANGE OR changekind:TRIVIAL_REBASE OR is:MIN\")\n","accounts_in_message":[],"_revision_number":4},{"id":"2414efd66fa6fddaba5ae543b952af04350a9c52","author":{"_account_id":1000002,"name":"cron2","display_name":"Gert Doering","email":"gert@greenie.muc.de","username":"cron2"},"date":"2025-05-18 22:02:29.000000000","message":"Patch Set 4: Code-Review+2","accounts_in_message":[],"_revision_number":4},{"id":"1c07b0f6517e687e62b52db9dfddf9ce135bbdc8","tag":"autogenerated:gerrit:merged","author":{"_account_id":1000002,"name":"cron2","display_name":"Gert Doering","email":"gert@greenie.muc.de","username":"cron2"},"date":"2025-05-19 09:52:24.000000000","message":"Change has been successfully 
pushed.","accounts_in_message":[],"_revision_number":5}],"current_revision_number":5,"current_revision":"57bdefbabd8d48fa93216c2049663fa3cacc50d3","revisions":{"304122d0014445218526cf8fe5ac6369759053da":{"kind":"REWORK","_number":1,"created":"2025-04-23 10:55:23.000000000","uploader":{"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"},"ref":"refs/changes/45/945/1","fetch":{"anonymous http":{"url":"http://gerrit.openvpn.net/openvpn","ref":"refs/changes/45/945/1","commands":{"Branch":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/45/945/1 \u0026\u0026 git checkout -b change-945 FETCH_HEAD","Checkout":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/45/945/1 \u0026\u0026 git checkout FETCH_HEAD","Cherry Pick":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/45/945/1 \u0026\u0026 git cherry-pick FETCH_HEAD","Format Patch":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/45/945/1 \u0026\u0026 git format-patch -1 --stdout FETCH_HEAD","Pull":"git pull http://gerrit.openvpn.net/openvpn refs/changes/45/945/1","Reset To":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/45/945/1 \u0026\u0026 git reset --hard FETCH_HEAD"}}},"commit":{"parents":[{"commit":"f7aedca70e24e9a35f0cbd33d1aa708b4daf0055","subject":"ssl_openssl.c: Prevent potential double-free"}],"author":{"name":"Arne Schwabe","email":"arne@rfc2549.org","date":"2025-04-23 09:09:37.000000000","tz":120},"committer":{"name":"Arne Schwabe","email":"arne@rfc2549.org","date":"2025-04-23 09:33:23.000000000","tz":120},"subject":"Make dh none behaviour default if not specific and add dh auto","message":"Make dh none behaviour default if not specific and add dh auto\n\nNowadays ciphers that are using still DH and not ECDH are rarely chosen\nas best cipher suite. Our man page even indicates that OpenSSL 1.0.1+\nsupports ECDH cipher suites. 
So it does not feel useful to force\nspecifying --dh anymore.\n\nCustom generated Diffie Hellmann parameters are also discouraged\nnowadays. The newest OpenSSL FIPS libraries even flat out reject them:\n\n   FIPS 186-4 type domain parameters no longer allowed in FIPS mode,\n   since the required validation routines were removed from FIPS 186-5\n\nSo add --dh auto since is very little extra code to let the TLS library\nitself pick the parameter.\n\nChange-Id: Ica02244c9f0ac9b4690a51f940fda9d900465289\n"},"branch":"refs/heads/master"},"665e87ae4d41cb879bc2f3c644e01ec46a11262c":{"kind":"REWORK","_number":2,"created":"2025-04-23 11:53:39.000000000","uploader":{"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"},"ref":"refs/changes/45/945/2","fetch":{"anonymous http":{"url":"http://gerrit.openvpn.net/openvpn","ref":"refs/changes/45/945/2","commands":{"Branch":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/45/945/2 \u0026\u0026 git checkout -b change-945 FETCH_HEAD","Checkout":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/45/945/2 \u0026\u0026 git checkout FETCH_HEAD","Cherry Pick":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/45/945/2 \u0026\u0026 git cherry-pick FETCH_HEAD","Format Patch":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/45/945/2 \u0026\u0026 git format-patch -1 --stdout FETCH_HEAD","Pull":"git pull http://gerrit.openvpn.net/openvpn refs/changes/45/945/2","Reset To":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/45/945/2 \u0026\u0026 git reset --hard FETCH_HEAD"}}},"commit":{"parents":[{"commit":"f7aedca70e24e9a35f0cbd33d1aa708b4daf0055","subject":"ssl_openssl.c: Prevent potential double-free"}],"author":{"name":"Arne Schwabe","email":"arne@rfc2549.org","date":"2025-04-23 09:09:37.000000000","tz":120},"committer":{"name":"Arne Schwabe","email":"arne@rfc2549.org","date":"2025-04-23 
11:53:13.000000000","tz":120},"subject":"Make dh none behaviour default if not specified and add dh auto","message":"Make dh none behaviour default if not specified and add dh auto\n\nNowadays ciphers that are using still DH and not ECDH are rarely chosen\nas best cipher suite. Our man page even indicates that OpenSSL 1.0.1+\nsupports ECDH cipher suites. So it does not feel useful to force\nspecifying --dh anymore.\n\nCustom generated Diffie Hellmann parameters are also discouraged\nnowadays. The newest OpenSSL FIPS libraries even flat out reject them:\n\n   FIPS 186-4 type domain parameters no longer allowed in FIPS mode,\n   since the required validation routines were removed from FIPS 186-5\n\nSo add --dh auto since is very little extra code to let the TLS library\nitself pick the parameter.\n\nChange-Id: Ica02244c9f0ac9b4690a51f940fda9d900465289\n"},"branch":"refs/heads/master"},"8fcb01efdd28b23558489632c283d47eb4ab929c":{"kind":"REWORK","_number":3,"created":"2025-05-02 12:54:43.000000000","uploader":{"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"},"ref":"refs/changes/45/945/3","fetch":{"anonymous http":{"url":"http://gerrit.openvpn.net/openvpn","ref":"refs/changes/45/945/3","commands":{"Branch":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/45/945/3 \u0026\u0026 git checkout -b change-945 FETCH_HEAD","Checkout":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/45/945/3 \u0026\u0026 git checkout FETCH_HEAD","Cherry Pick":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/45/945/3 \u0026\u0026 git cherry-pick FETCH_HEAD","Format Patch":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/45/945/3 \u0026\u0026 git format-patch -1 --stdout FETCH_HEAD","Pull":"git pull http://gerrit.openvpn.net/openvpn refs/changes/45/945/3","Reset To":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/45/945/3 \u0026\u0026 git reset --hard 
FETCH_HEAD"}}},"commit":{"parents":[{"commit":"9ecaf2400a7b399166c0698c30d413b91cd4f534","subject":"Fix tmp-dir documentation"}],"author":{"name":"Arne Schwabe","email":"arne@rfc2549.org","date":"2025-04-23 09:09:37.000000000","tz":120},"committer":{"name":"Arne Schwabe","email":"arne@rfc2549.org","date":"2025-05-02 12:51:57.000000000","tz":120},"subject":"Make --dh none behaviour default if not specified","message":"Make --dh none behaviour default if not specified\n\nNowadays ciphers that are using still DH and not ECDH are rarely chosen\nas best cipher suite. Our man page even indicates that OpenSSL 1.0.1+\nsupports ECDH cipher suites. So it does not feel useful to force\nspecifying --dh anymore.\n\nSide note: Custom generated Diffie Hellmann parameters are also\ndiscouraged nowadays. The newest OpenSSL FIPS libraries even flat\nout reject them:\n\n   FIPS 186-4 type domain parameters no longer allowed in FIPS mode,\n   since the required validation routines were removed from FIPS 186-5\n\nBut instead of adding support for loading the well-known curve just make\ndh none the default and the recommended option as finite field Diffie\nHellmann is being deprecated anyway\n(https://datatracker.ietf.org/doc/draft-ietf-tls-deprecate-obsolete-kex/)\nand not supported by TLS 1.3 at all.\n\nChange-Id: Ica02244c9f0ac9b4690a51f940fda9d900465289\n"},"branch":"refs/heads/master"},"2da7291441ddca7a1659ad24759fde7be049b5f4":{"kind":"REWORK","_number":4,"created":"2025-05-18 20:44:24.000000000","uploader":{"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"},"ref":"refs/changes/45/945/4","fetch":{"anonymous http":{"url":"http://gerrit.openvpn.net/openvpn","ref":"refs/changes/45/945/4","commands":{"Branch":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/45/945/4 \u0026\u0026 git checkout -b change-945 FETCH_HEAD","Checkout":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/45/945/4 
\u0026\u0026 git checkout FETCH_HEAD","Cherry Pick":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/45/945/4 \u0026\u0026 git cherry-pick FETCH_HEAD","Format Patch":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/45/945/4 \u0026\u0026 git format-patch -1 --stdout FETCH_HEAD","Pull":"git pull http://gerrit.openvpn.net/openvpn refs/changes/45/945/4","Reset To":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/45/945/4 \u0026\u0026 git reset --hard FETCH_HEAD"}}},"commit":{"parents":[{"commit":"69cd7b1703781f52c98cf8a6a2e3a93e71afed16","subject":"fix typo in haikuos dns-updown script"}],"author":{"name":"Arne Schwabe","email":"arne@rfc2549.org","date":"2025-04-23 09:09:37.000000000","tz":120},"committer":{"name":"Arne Schwabe","email":"arne@rfc2549.org","date":"2025-05-18 20:44:12.000000000","tz":120},"subject":"Make --dh none behaviour default if not specified","message":"Make --dh none behaviour default if not specified\n\nNowadays ciphers that are using still DH and not ECDH are rarely chosen\nas best cipher suite. Our man page even indicates that OpenSSL 1.0.1+\nsupports ECDH cipher suites. So it does not feel useful to force\nspecifying --dh anymore.\n\nSide note: Custom generated Diffie Hellmann parameters are also\ndiscouraged nowadays. 
The newest OpenSSL FIPS libraries even flat\nout reject them:\n\n   FIPS 186-4 type domain parameters no longer allowed in FIPS mode,\n   since the required validation routines were removed from FIPS 186-5\n\nBut instead of adding support for loading the well-known curve just make\ndh none the default and the recommended option as finite field Diffie\nHellmann is being deprecated anyway\n(https://datatracker.ietf.org/doc/draft-ietf-tls-deprecate-obsolete-kex/)\nand not supported by TLS 1.3 at all.\n\nChange-Id: Ica02244c9f0ac9b4690a51f940fda9d900465289\n"},"branch":"refs/heads/master"},"57bdefbabd8d48fa93216c2049663fa3cacc50d3":{"kind":"REWORK","_number":5,"created":"2025-05-19 09:52:24.000000000","uploader":{"_account_id":1000002,"name":"cron2","display_name":"Gert Doering","email":"gert@greenie.muc.de","username":"cron2"},"ref":"refs/changes/45/945/5","fetch":{"anonymous http":{"url":"http://gerrit.openvpn.net/openvpn","ref":"refs/changes/45/945/5","commands":{"Branch":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/45/945/5 \u0026\u0026 git checkout -b change-945 FETCH_HEAD","Checkout":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/45/945/5 \u0026\u0026 git checkout FETCH_HEAD","Cherry Pick":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/45/945/5 \u0026\u0026 git cherry-pick FETCH_HEAD","Format Patch":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/45/945/5 \u0026\u0026 git format-patch -1 --stdout FETCH_HEAD","Pull":"git pull http://gerrit.openvpn.net/openvpn refs/changes/45/945/5","Reset To":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/45/945/5 \u0026\u0026 git reset --hard FETCH_HEAD"}}},"commit":{"parents":[{"commit":"565d7cf48120d4394258fc3f2aa1b710315cd4e9","subject":"Explicit-exit-notify and multisocket interaction"}],"author":{"name":"Arne Schwabe","email":"arne@rfc2549.org","date":"2025-05-18 22:02:39.000000000","tz":120},"committer":{"name":"Gert 
Doering","email":"gert@greenie.muc.de","date":"2025-05-19 09:48:03.000000000","tz":120},"subject":"Make --dh none behaviour default if not specified","message":"Make --dh none behaviour default if not specified\n\nNowadays ciphers that still use DH and not ECDH are rarely chosen\nas the best cipher suite. Our man page even indicates that OpenSSL 1.0.1+\nsupports ECDH cipher suites. So it does not feel useful to force\nspecifying --dh anymore.\n\nSide note: Custom generated Diffie-Hellman parameters are also\ndiscouraged nowadays. The newest OpenSSL FIPS libraries even flat\nout reject them:\n\n   FIPS 186-4 type domain parameters no longer allowed in FIPS mode,\n   since the required validation routines were removed from FIPS 186-5\n\nBut instead of adding support for loading the well-known curve just make\ndh none the default and the recommended option as finite field\nDiffie-Hellman is being deprecated anyway\n(https://datatracker.ietf.org/doc/draft-ietf-tls-deprecate-obsolete-kex/)\nand not supported by TLS 1.3 at all.\n\nChange-Id: Ica02244c9f0ac9b4690a51f940fda9d900465289\nSigned-off-by: Arne Schwabe \u003carne-openvpn@rfc2549.org\u003e\nAcked-by: Gert Doering \u003cgert@greenie.muc.de\u003e\nMessage-Id: \u003c20250518220245.24489-1-gert@greenie.muc.de\u003e\nURL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg31695.html\nSigned-off-by: Gert Doering \u003cgert@greenie.muc.de\u003e\n"},"branch":"refs/heads/master"}},"requirements":[],"submit_records":[],"submit_requirements":[]}
