Hi,

On Thu, Apr 21, 2016 at 10:27:50PM +0200, Jan Just Keijser wrote:
> there are a few notes about this patch:
> 
> - I've tested it on Linux only
> - it works when pushing both --cipher and/or --auth
> - works by re-doing part of the encryption setup (you'll see some 
> messages fly by twice)
> - pushing an HMAC (e.g. push "auth SHA256") does **not** work in 
> combination with --tls-auth: when tls-auth is used all incoming packets 
> are signed using the "original" HMAC cipher and you won't even get to 
> the "push" stage to get the correct cipher.

Does it work on the server side, that is, having a ccd/ file or script
that tells the server "cipher <foo>" for a given client?

Otherwise: impressive :-) (I leave the actual code review to Steffan)

gert

-- 
USENET is *not* the non-clickable part of WWW!
                                                           //www.muc.de/~gert/
Gert Doering - Munich, Germany                             g...@greenie.muc.de
fax: +49-89-35655025                        g...@net.informatik.tu-muenchen.de
