Easy-TLS version 2.7.0

Version 2.7.0 is the first fully complete feature set release. No further changes are planned.

• The following files are contained within the release archive below:
  

  • easytls
  • easytls-cryptv2-verify.sh
  • easytls-cryptv2-verify.vars-example
  • easytls-client-connect.sh
  • easytls-client-connect.vars-example
  • easytls-client-disconnect.sh
  • easytls-client-disconnect.vars-example
  • easytls-conntrac.lib

• This is the complete release file - Release archive: easytls-2.7.0.tar.gz

  SHA256: 4fb4ea823dc6eed7beb6c95d191874f8f57737da848d0c6e4c30c904222c7218

The Assets found below are not required.

Version 2.6.0

Version 2.6.0 is DOOMED

The first implementation of TLS-Crypt-V2 GROUP keys is cumbersome and inflexible, so it is being changed, slowly.

Please do not create any GROUP keys with this version, instead download easytls over your current v2.6.0 version.

That is the only change required.

Better than that, clone the entire repo!

---

The original v2.6.0 release follows:

Important changes

• Introduce easytls-tctip.lib (Optional library)
  Commit f85e95e
  Shared IPv4/6 address functions

• Introduce TLS-2 Key metadata "source IP" filter
  Commit 343652d
  IPv4/6 Client source IP matching

• Introduce new Level Security setting for client-connect
  Commit 41e4699
  Help to transition clients to TLS-Crypt-V2 keys

• Introduce TLS-Crypt-V2 Group Keys
  Commit 9d165c9
  Commit e43542d
  This allows Groups of users to use the same key

• Add support for Openvpn dynamic client-connect file
  Commit c89cdff
  This alows Openvpn server to push dynamic options

• Allow multiple Custom_Groups per server
  Commit 3c85741
  This allows clients to be sub-divided by Custom_Group

• Abandon easytls-verify.sh
  Commit 682ba0f
  Script is no longer required due to UV_TLSKEY_SERIAL

• Add UV_TLSKEY_SERIAL to be pushed to server
  Commit 5ccdb9f
  All clients using TLS-Crypt-V2 keys must push the
  TLS-Key serial number to identify the key

• Removed option --openvpn
  Commit cf413bd
  Development only requirement

• Introduce vars files for server side scripts
  Commit 12dcd3f
  The command line was too long when run under Windows
  due to the extra requirement of loading sh.exe

Easy-TLS v2.5

Version 2.5 is a long term release.

There are no further changes planned. Only bug fixes, as bugs are identified.

To use Easy-TLS, download easytls and easytls-openssl.cnf from the list below.
To use all the features available then down load all the files below.

v2.4

Add self-signed certificates to `build` inter-active menu

v2.2

Full support for No-CA mode.

v2.1

Introduce No CA Mode.

No CA Mode allows Easy-TLS to function without the need for a CA and full PKI.
This means it can be used to build TLS-Crypt-V2 keys for self-signed certificates.
Usage:
./easyrsa init-pki
./easytls init no-ca
./easytls self-sign-server or self-sign-client to create self-signed certificates.
These can then be used by OpenVPN using Peer-Fingerprint mode.

Easy-TLS version 1.27

First official release.