IPFire and another system which for now supports only 1.1.1 openssl


I use both IPFire and another system, won’t name it, in order to run OpenVPN servers.
If I read correctly, support for openssl 1.1.1 will end soon but for now the other system adopts it (probably openssl 3 on the roadmap but not yet ready for production, perhaps they’ll have to backport security patches).

In order to access the different servers I actually use the OpenVPN GUI version 2.5.
When IPFire will drop 1.1.1 version I’ll have to use the 2.6 version of the OpenVPN GUI , but with 2.6 I won’t be able to access the server(s) made through the other system, the one supporting only 1.1.1.
And I’m not so sure you can have version 2.5 and 2.6 of the OpenVPN GUI installed on the same system.

Hope I’ve succeeded in explaining my future problem.

Could you please give me suggestion(s) about this subject?

Thanks in advance

Best Wishes

Dropping openssl-1.1.1x means on IPFire itself.

If your server still needs the legacy certs produced with openssl-1.1.1x then I believe that you can just keep on using them.
The only thing that you will need to watch out for is that the lifetime of the client certificates is set to 730 days by default (approx two years). At that point they will expire and then you will need to create new ones which will be openssl-3.x based. When that will happen depends on when you originally created the certificates.

In CU174 a change was added that will flag certificates that are getting close to their expiry date.

IPFire CU175 will use the appropriate openssl commands with the legacy option added when it is a legacy client certificate based on openssl-1.1.1x and without the legacy option for any client certificates produced under openssl-3.x

So I believe it should continue working for you but you will have to test that out. You can always test it out after making a backup and saving it off of your IPFire machine, update to CU175 and test things. If it doesn’t work then you can re-install CU174 and then restore from the backup you made.


Thanks a lot for your suggestions.
For now both systems are working like a charm, if problems arise when IPFire drops 1.1.1 support I’ll make you know.

Best Wishes