- update to 2.6.3:
* For full changelog please refer to:
https://github.com/OpenVPN/openvpn/blob/v2.6.3/Changes.rst
* implement byte counter statistics for DCO Linux (p2mp server
and client)
* implement byte counter statistics for DCO Windows (client only)
* '--dns server address ...' now permits up to 8 v4 or v6
addresses
* fix a few cases of possibly undefined behaviour detected by ASAN
* add more unit tests for Windows cryptoapi interface
* Dynamic TLS Crypt When both peers are OpenVPN 2.6.1+, OpenVPN
will dynamically create a tls-crypt key that is used for
renegotiation. This ensure that only the previously authenticated
peer can do trigger renegotiation and complete renegotiations.
* Keying Material Exporters (RFC 5705) based key generation
* As part of the cipher negotiation OpenVPN will automatically prefer
the RFC5705 based key material generation to the current custom
OpenVPN PRF. This feature requires OpenSSL or mbed TLS 2.18+.
* OpenVPN will now work with OpenSSL in FIPS mode. Note, no effort
has been made to check or implement all the requirements/
recommendation of FIPS 140-2. This just allows OpenVPN to be run on
a system that be configured OpenSSL in FIPS mode.
* mlock will now check if enough memlock-able memory has been reserved,
and if less than 100MB RAM are available, use setrlimit() to upgrade
the limit. See Trac #1390. Not available on OpenSolaris.
* The --peer-fingerprint option has been introduced to give users an
easy to use alternative to the tls-verify for matching the fingerprint
of the peer. The option takes use a number of allowed SHA256
certificate fingerprints.
* When --peer-fingerprint is used, the --ca and --capath option become