...so the rest of us (We) welcome your contribution(s)
DD-WRT's build system isn't like OpenWRT's build system and all supported devices are not on a single kernel version. DD-WRT is fuller-featured out-of-the-box, which is a mixed bag. But I think BS was looking at other options in the past and more recently (BearSSL, WolfSSL, MatrixSSL, PolarSSL - the latter two are dead ends). I'm not going to look for the email thread... enjoy your wish sammich. _________________ "Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT Pogo - A minimal level of ability is expected and needed... DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)
----------------------
Linux User #377467 counter.li.org / linuxcounter.net
...so the rest of us (We) welcome your contribution(s)
DD-WRT's build system isn't like OpenWRT's build system and all supported devices are not on a single kernel version. DD-WRT is fuller-featured out-of-the-box, which is a mixed bag. But I think BS was looking at other options in the past and more recently (BearSSL, WolfSSL, MatrixSSL, PolarSSL - the latter two are dead ends). I'm not going to look for the email thread... enjoy your wish sammich.
Well..... the idea of this thread was to be purely informative so, readers will have a choice what to use...and what to think...I'm not pushing anyone to update anything....so, get your dirty hands of me... ...
Personally I use Entware solutions for DNS and there where those Lib's are in use but for the rest on the router side...(VPN, WG and ect.) crypto engine is the one from DDWRT side...
So, as a contribution...I can try to ask a nice question...
AS as Temporary solution...(for those with entware)is there a way to use the Entware Libopenssl for everything..and how to redirect/give a path to it....and disable the router old openssl /overlay it may be...? whiteout breaking the shit of... ???
I ve read and tried some stuff, in the past..with no avail...need to look at my records..but not now... i rather wait and see...as a contributor...
As far as those 4 solutions..in the past, Ive checked the rest and only wolf was ok... small, with tls 1.3 support... no idea about its compatibility with WG, VPN, SmartDNS, dnscrypt, hostapd and ect...
I also read https://www.openssl.org/docs/man3.2/man7/migration_guide.html just out of curiosity .. _________________ Atheros
TP-Link WR740Nv1 ---DD-WRT 55630 WAP
TP-Link WR1043NDv2 -DD-WRT 55723 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55779 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55819 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55779 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
Last edited by Alozaros on Mon Mar 04, 2024 13:25; edited 1 time in total
Joined: 08 May 2018 Posts: 14249 Location: Texas, USA
Posted: Mon Feb 26, 2024 14:06 Post subject:
Shocker, all the way around
It's easier to migrate to 1.1.1x (enterprise-only @ $50k USD/yr) with a little trickery and ingenuity (the information is out there, lol). OpenSSL has become money-hungry. And I think the two more recent options have been explored because of the attempt to migrate to 3.0.x, but I can't be sure without digging up an old email thread or re-inquiry, and I'm not entirely keen on either task. YAWN.
EDIT/UPDATE: DD-WRT will most likely be dropping OpenSSL in favor of WolfSSL due to compiled size of OpenSSL 3.x. The current OpenSSL in DD-WRT is modified for cryptography related to specific hardware. If you saw the attempt to import LibreSSL, then you are aware that it was a bust. Further discussion of OpenSSL is moot, save and except for those who wish to use Entware version of OpenSSL, which would make no sense and possibly cause problems, anyway. _________________ "Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT Pogo - A minimal level of ability is expected and needed... DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)
----------------------
Linux User #377467 counter.li.org / linuxcounter.net