From 0f88c9b6b67b3ab547d81ac15b029a4208f09944 Mon Sep 17 00:00:00 2001 From: Arne Schwabe Date: Fri, 6 Mar 2015 15:01:08 +0100 Subject: add tls-cipher FAQ --- .../main/java/de/blinkt/openvpn/fragments/FaqFragment.java | 11 ++--------- main/src/main/res/values/strings.xml | 2 ++ 2 files changed, 4 insertions(+), 9 deletions(-) (limited to 'main') diff --git a/main/src/main/java/de/blinkt/openvpn/fragments/FaqFragment.java b/main/src/main/java/de/blinkt/openvpn/fragments/FaqFragment.java index 049261f5..4bc93cef 100644 --- a/main/src/main/java/de/blinkt/openvpn/fragments/FaqFragment.java +++ b/main/src/main/java/de/blinkt/openvpn/fragments/FaqFragment.java @@ -8,15 +8,6 @@ package de.blinkt.openvpn.fragments; import android.app.Fragment; import android.content.Context; import android.os.Build; -import android.os.Bundle; -import android.support.v7.widget.RecyclerView; -import android.support.v7.widget.StaggeredGridLayoutManager; -import android.util.DisplayMetrics; -import android.view.LayoutInflater; -import android.view.View; -import android.view.ViewGroup; - -import java.util.Vector; import de.blinkt.openvpn.R; @@ -136,6 +127,8 @@ public class FaqFragment extends Fragment { new FAQEntry(Build.VERSION_CODES.JELLY_BEAN_MR2, Build.VERSION_CODES.JELLY_BEAN_MR2, R.string.ab_secondary_users_title, R.string.ab_secondary_users), new FAQEntry(Build.VERSION_CODES.JELLY_BEAN_MR2, -1, R.string.faq_vpndialog43_title, R.string.faq_vpndialog43), + new FAQEntry(Build.VERSION_CODES.ICE_CREAM_SANDWICH, -1, R.string.tls_cipher_alert_title, R.string.tls_cipher_alert), + new FAQEntry(Build.VERSION_CODES.ICE_CREAM_SANDWICH, -1, R.string.faq_security_title, R.string.faq_security), new FAQEntry(Build.VERSION_CODES.ICE_CREAM_SANDWICH, -1, R.string.faq_shortcut, R.string.faq_howto_shortcut), diff --git a/main/src/main/res/values/strings.xml b/main/src/main/res/values/strings.xml index 9054d3cd..61cf4700 100755 --- a/main/src/main/res/values/strings.xml +++ b/main/src/main/res/values/strings.xml @@ -376,5 +376,7 @@ Remote networks not reachable Persist tun mode %s and later + Connections fails with SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure + Newer OpenVPN for Android versions (0.6.29/March 2015) use a more secure default for the allowed cipher suites (tls-cipher \"DEFAULT:!EXP:!PSK:!SRP:!kRSA\"). Unfortunately, omitting the less secure cipher suites and export cipher suites, especially the omission of cipher suites that do not support Perfect Forward Secrecy (Diffie-Hellman) causes some problems. This usually caused by an well-intentioned but poorly executed attempts to strengthen TLS security by setting tls-cipher on the server.\nTo solve this problem the problem, set the tls-cipher settings on the server to reasonable default like tls-cipher \"DEFAULT:!EXP:!PSK:!SRP:!kRSA\". To work around the problem on the client add the custom option tls-cipher DEFAULT on the Android client. -- cgit v1.2.3