Hiya, On Tue, Feb 18, 2014 at 01:35:40AM +0100, pietrek -- wrote: > It's my first contribution, so I could make some mistakes ;) > In attached patch I added ECDH support to openvpn with openssl. > Eliptic Curves generation is, in contrast to Diffie-Hellman very fast, > so I do it on every server initialization.
Could you describe in a bit more detail what your patch does? I don't
really understand the openssl innards well enough, but am curious.
*If* I understand it correctly, what it does is provide keying material
(ECDH) to support EC for the TLS handshake, right? And there isn't actually
anything in OpenVPN needed (besides provide keying material) as that's
all "inside OpenSSL".
So how do you create the key material?
Which parts of the key handshake does it cover? Signature/Certificates,
or *only* DH?
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025 g...@net.informatik.tu-muenchen.de
pgpA7rdC_h1Wa.pgp
Description: PGP signature
