Hi,

On Tue, Feb 25, 2014 at 01:39:11AM +0100, Steffan Karger wrote:
> > I added warning if DH isn't specified - old client may not support ECDH.
> > Autodetecting ecdh is a good idea - I made option ecdh=auto.
>
> On the long run I agree that a warning should suffice, but for now I
> would really like to stick with forcing the DH-file to be present. Lots
> of people using OpenVPN do not understand the crypto or configuration
> options properly, but do rely on it for secure communication. As long as
> EC-crypto is not common, I prefer to make sure OpenVPN can always fall
> back on DH.

+1

[..]
> Although there is apparently more work to do to get more cipher suites
> working, this does give us a start on working with EC-crypto. Maybe this
> part can go in (once ACK'ed) as 'the start of EC-support', so more
> people can help improve the code. Any other opinions on this?

 - easy to understand and a bit more detailed README
 - ACK from a "trusted contributor" (read: someone who has worked on
   the OpenVPN crypto code before and knows the pitfalls)

then I'm fine with it

 - PolarSSL...?

gert
--
USENET is *not* the non-clickable part of WWW!
                                                           //www.muc.de/~gert/
Gert Doering - Munich, Germany                             g...@greenie.muc.de
fax: +49-89-35655025                        g...@net.informatik.tu-muenchen.de