I built openvpn with libressl support. Everything builds without errors and starts.

The output of the command ./libressl/bin/openssl ciphers (the list is shortened):

    =================================================
    GOST2012256-GOST89-GOST89
    GOST2001-GOST89-GOST89

The output of the command ./openvpn --show-tls :

    =================================================
    GOST2012256-GOST89-GOST89 (No IANA name known to OpenVPN, use OpenSSL name.)
    TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256
    TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256
    TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA
    TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA
    GOST2001-GOST89-GOST89 (No IANA name known to OpenVPN, use OpenSSL name.)

The output of the command ./openvpn --show-ciphers :

    =================================================
    gost89 256 bit default key (fixed) (TLS client/server mode)
    gost89-cnt 256 bit default key (fixed) (TLS client/server mode)

When trying to generate a certificate

    ./openssl req -newkey gost2001 -pkeyopt paramset:A -passout pass:aofvlgzm -subj "/C=RU/ST=Moscow/L=Moscow/O=foo_bar/OU=foo_bar/CN=developer/emailAddress=vany.egorov@gmail.com" -new > certificate_signing_request.csr

This error occurs:

    Generating a 1024 bit GOST2001 private key
    Error Generating Key
    140568465020576:error:32073073:GOST routines:PKEY_GOST01_PARAMGEN:no parameters set:gost/gostr341001_pmeth.c:193:

Help me generate GOST certificates for openvpn.

    1 answer

    Try adding the -engine gost parameter before -newkey gost2001

    • Tried it. The changelog says that the engine option has been removed: ftp.fu-berlin.de/unix/OpenBSD/LibreSSL/... * The engine command line has been removed from openssl(1). Previous releases removed built-in engine support. - zerocool
    • What is your openssl version? - Andrew Hobbit
    • I compiled libressl version 2.3.2 as it supports block encryption according to GOST. - zerocool