summaryrefslogtreecommitdiff
path: root/main
diff options
context:
space:
mode:
authorArne Schwabe <arne@rfc2549.org>2015-03-06 15:01:08 +0100
committerArne Schwabe <arne@rfc2549.org>2015-03-06 15:01:08 +0100
commit0f88c9b6b67b3ab547d81ac15b029a4208f09944 (patch)
treef2a43d81f8f262bcc52609da8c1005991520e443 /main
parentc4a7bb09f8e434c0511008ea02052fcaa70541dc (diff)
add tls-cipher FAQ
Diffstat (limited to 'main')
-rw-r--r--main/src/main/java/de/blinkt/openvpn/fragments/FaqFragment.java11
-rwxr-xr-xmain/src/main/res/values/strings.xml2
2 files changed, 4 insertions, 9 deletions
diff --git a/main/src/main/java/de/blinkt/openvpn/fragments/FaqFragment.java b/main/src/main/java/de/blinkt/openvpn/fragments/FaqFragment.java
index 049261f5..4bc93cef 100644
--- a/main/src/main/java/de/blinkt/openvpn/fragments/FaqFragment.java
+++ b/main/src/main/java/de/blinkt/openvpn/fragments/FaqFragment.java
@@ -8,15 +8,6 @@ package de.blinkt.openvpn.fragments;
import android.app.Fragment;
import android.content.Context;
import android.os.Build;
-import android.os.Bundle;
-import android.support.v7.widget.RecyclerView;
-import android.support.v7.widget.StaggeredGridLayoutManager;
-import android.util.DisplayMetrics;
-import android.view.LayoutInflater;
-import android.view.View;
-import android.view.ViewGroup;
-
-import java.util.Vector;
import de.blinkt.openvpn.R;
@@ -136,6 +127,8 @@ public class FaqFragment extends Fragment {
new FAQEntry(Build.VERSION_CODES.JELLY_BEAN_MR2, Build.VERSION_CODES.JELLY_BEAN_MR2, R.string.ab_secondary_users_title, R.string.ab_secondary_users),
new FAQEntry(Build.VERSION_CODES.JELLY_BEAN_MR2, -1, R.string.faq_vpndialog43_title, R.string.faq_vpndialog43),
+ new FAQEntry(Build.VERSION_CODES.ICE_CREAM_SANDWICH, -1, R.string.tls_cipher_alert_title, R.string.tls_cipher_alert),
+
new FAQEntry(Build.VERSION_CODES.ICE_CREAM_SANDWICH, -1, R.string.faq_security_title, R.string.faq_security),
new FAQEntry(Build.VERSION_CODES.ICE_CREAM_SANDWICH, -1, R.string.faq_shortcut, R.string.faq_howto_shortcut),
diff --git a/main/src/main/res/values/strings.xml b/main/src/main/res/values/strings.xml
index 9054d3cd..61cf4700 100755
--- a/main/src/main/res/values/strings.xml
+++ b/main/src/main/res/values/strings.xml
@@ -376,5 +376,7 @@
<string name="ab_vpn_reachability_44_title">Remote networks not reachable</string>
<string name="ab_persist_tun_title">Persist tun mode</string>
<string name="version_and_later">%s and later</string>
+ <string name="tls_cipher_alert_title">Connections fails with SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure</string>
+ <string name="tls_cipher_alert">Newer OpenVPN for Android versions (0.6.29/March 2015) use a more secure default for the allowed cipher suites (tls-cipher \"DEFAULT:!EXP:!PSK:!SRP:!kRSA\"). Unfortunately, omitting the less secure cipher suites and export cipher suites, especially the omission of cipher suites that do not support Perfect Forward Secrecy (Diffie-Hellman) causes some problems. This usually caused by an well-intentioned but poorly executed attempts to strengthen TLS security by setting tls-cipher on the server.\nTo solve this problem the problem, set the tls-cipher settings on the server to reasonable default like tls-cipher \"DEFAULT:!EXP:!PSK:!SRP:!kRSA\". To work around the problem on the client add the custom option tls-cipher DEFAULT on the Android client.</string>
</resources>