Hi,

On Thu, Apr 21, 2016 at 10:27:50PM +0200, Jan Just Keijser wrote:
> there are a few notes about this patch:
>
> - I've tested it on Linux only
> - it works when pushing both --cipher and/or --auth
> - works by re-doing part of the encryption setup (you'll see some
>   messages fly by twice)
> - pushing an HMAC (e.g. push "auth SHA256") does **not** work in
>   combination with --tls-auth: when tls-auth is used all incoming packets
>   are signed using the "original" HMAC cipher and you won't even get to
>   the "push" stage to get the correct cipher.

Does it work on the server side, that is, having a ccd/ file or script
that tells the server "cipher <foo>" for a given client?

Otherwise: impressive :-)

(I leave the actual code review to Steffan)

gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany
g...@greenie.muc.de
fax: +49-89-35655025
g...@net.informatik.tu-muenchen.de