Hi,

On 26/03/2021 17:05, Arne Schwabe wrote:
> Renegotiations have been troublesome in the past and also the recent OpenSSL
> security problem (CVE-2021-3449) is only exploitable if TLS renegotiation
> is enabled.
>
> mbed TLS disables it by default and says in the documentation:
>
> Warning: It is recommended to always disable renegotiation unless you know you
> need it and you know what you're doing. In the past, there have been
> several issues associated with renegotiation or a poor understanding of
> its properties.
>
> TLS renegotiation can be used to restart a session with diffferent

too many f

> parameters (e.g. now with client certs). This somethign that OpenVPN does

somethign -> something

> not use.
>
> Furthermore because of all these problems, also TLS 1.3 completely
> drops support for renegotiations.
>
> Patch V2: Improve commments and commit message

too many m :D

>
> Signed-off-by: Arne Schwabe <a...@rfc2549.org>

Acked-by: Antonio Quartulli <anto...@openvpn.net>

Basic connection tests passed, with OpenVPN renegotiations performed with no issue.

-- 
Antonio Quartulli