From c89fd2f73f8a84f9ef7742e39476a9645e6d3863 Mon Sep 17 00:00:00 2001 From: cyBerta Date: Thu, 1 Feb 2018 15:30:39 +0100 Subject: #8832 add all ics-openvpn code changes --- app/src/main/res/values/strings-icsopenvpn.xml | 26 ++++++++++++++++++++++---- 1 file changed, 22 insertions(+), 4 deletions(-) (limited to 'app/src/main/res/values/strings-icsopenvpn.xml') diff --git a/app/src/main/res/values/strings-icsopenvpn.xml b/app/src/main/res/values/strings-icsopenvpn.xml index 52abd9a5..5094b909 100755 --- a/app/src/main/res/values/strings-icsopenvpn.xml +++ b/app/src/main/res/values/strings-icsopenvpn.xml @@ -436,16 +436,34 @@ %.1f kbit/s %.1f Mbit/s %.1f Gbit/s - <p>Starting with OpenSSL version 1.1, OpenSSL rejects weak signatures in certificates like MD5.</p><p><b>MD5 signatures are insecure and should not be used anymore.</b> MD5 collisions can be created in <a href="https://natmchugh.blogspot.de/2015/02/create-your-own-md5-collisions.html">few hours at a minimal cost.</a>. You should update the VPN certificates as soon as possible.</p><p>Unfortunately, older easy-rsa distributions included the config option "default_md md5". If you are using an old easy-rsa version, update to the <a href="https://github.com/OpenVPN/easy-rsa/releases">latest version</a>) or change md5 to sha256 and regenerate your certificates.</p><p>If you really want to use old and broken certificates use the custom configuration option tls-cipher "DEFAULT:@SECLEVEL=0" under advanced configuration or as additional line in your imported configuration</p> - -%.0f B + <p>Starting with OpenSSL version 1.1, OpenSSL rejects weak signatures in certificates like + MD5.</p><p><b>MD5 signatures are completely insecure and should not be used anymore.</b> MD5 + collisions can be created in <a + href="https://natmchugh.blogspot.de/2015/02/create-your-own-md5-collisions.html">few hours at a minimal cost.</a>. + You should update the VPN certificates as soon as possible.</p><p>Unfortunately, older easy-rsa + distributions included the config option "default_md md5". If you are using an old easy-rsa version, update to + the <a href="https://github.com/OpenVPN/easy-rsa/releases">latest version</a>) or change md5 to sha256 and + regenerate your certificates.</p><p>If you really want to use old and broken certificates use the custom + configuration option tls-cipher "DEFAULT:@SECLEVEL=0" under advanced configuration or as additional line in your + imported configuration</p> + + %.0f B %.1f kB %.1f MB %.1f GB Connection statistics Ongoing statistics of the established OpenVPN connection Connection status change - Status changes of the OpenVPN connection (Connecting, authenticating,…) + Status changes of the OpenVPN connection (Connecting, authenticating,…) Weak (MD5) hashes in certificate signature (SSL_CTX_use_certificate md too weak) + OpenSSL Speed Test + OpenSSL cipher names + OpenSSL Crypto Speed test + OpenSSL returned an error + Running test… + Test selected algorithms + An external app tries to control %s. The app requesting access cannot be determined. Allowing this app grants ALL apps access. + The OpenVPN 3 C++ implementation does not support static keys. Please change to OpenVPN 2.x under general settings. + Using PKCS12 files directly with OpenVPN 3 C++ implementation is not supported. Please import the pkcs12 files into the Android keystore or change to OpenVPN 2.x under general settings. -- cgit v1.2.3