Hi, On Sat, Feb 25, 2017 at 08:40:14AM +0800, Antonio Quartulli wrote: > When the auth-token option is pushed from the server to the client, > the latter has to ignore the auth-nocache directive (if specified). > > The password will now be substituted by the unique token, therefore > it can't be wiped out, otherwise the next renegotiation will fail.
Without looking at the patch itself - is this suitable material for
inclusion in 2.3? We do have quite a few "slow adopters" - and this
is a very useful feature to mitigate SWEET32 in 2FA environments...
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany [email protected]
fax: +49-89-35655025 [email protected]
signature.asc
Description: PGP signature
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________ Openvpn-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openvpn-devel
