Hi,

On Thu, Aug 01, 2013 at 12:02:55PM +0200, Jan Just Keijser wrote:
> It should be possible to add negotiation without completely breaking 
> backwards compatibility; right now, when a server pushes an option to 
> the client that is unrecognized the client will print a warning but it 
> will not abort. This could be used to push a 'negotiation request' - if 
> the client responds then a negotiation phase can start, during which the 
> encryption key, hashing cipher, MTU settings etc can be negotiated. If 
> the client does not respond the server would need to assume that it's a 
> 2.3 or older client.

Maybe I'm a bit naive, but since the data layer cipher is independent of
the TLS cipher anyway, can't we just "push cipher xxx"?

Or is push/pull crypted with the data layer cipher?

gert
-- 
USENET is *not* the non-clickable part of WWW!
                                                           //www.muc.de/~gert/
Gert Doering - Munich, Germany                             [email protected]
fax: +49-89-35655025                        [email protected]

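The negotiation scheme Jan Just sketches above (server pushes a request; a client that knows it answers, a 2.3-era client only warns and ignores it, and the server treats silence as "old client") as a runnable toy model. This is an added example, not OpenVPN code and not code posted by anyone in this thread. The option name `negotiate`, the `NEGOTIATE,ciphers=...,mtu=...` response line, the server's cipher-preference rule and the sample push message are all hypothetical; only the comma-separated PUSH_REPLY option list and BF-CBC as the 2.3-era default data-channel cipher mirror real OpenVPN behaviour.

```python
"""Toy model of a backward-compatible negotiation pushed over PUSH_REPLY.

Added example, not OpenVPN's implementation. 'negotiate', the NEGOTIATE
response format and the sample messages are hypothetical.
"""
import logging

log = logging.getLogger("toy-openvpn")

# Options a 2.3-era client understands in PUSH_REPLY (an illustrative subset).
LEGACY_KNOWN_OPTIONS = {"route", "dhcp-option", "ping", "ping-restart", "redirect-gateway"}
# Options a client that implements the hypothetical negotiation understands.
NEW_KNOWN_OPTIONS = LEGACY_KNOWN_OPTIONS | {"negotiate"}
LEGACY_DEFAULT_CIPHER = "BF-CBC"  # the 2.3-era default data-channel cipher


def parse_push_reply(msg):
    """Split 'PUSH_REPLY,route 10.8.0.0 255.255.255.0,negotiate' into
    [['route', '10.8.0.0', '255.255.255.0'], ['negotiate']]."""
    if not msg.startswith("PUSH_REPLY"):
        raise ValueError("not a PUSH_REPLY message")
    return [opt.split() for opt in msg.split(",")[1:] if opt.strip()]


class Client:
    """A client that applies the pushed options it knows and warns on the rest."""

    def __init__(self, name, known_options, ciphers, mtu):
        self.name = name
        self.known_options = known_options
        self.ciphers = ciphers      # supported data-channel ciphers, preferred first
        self.mtu = mtu
        self.applied = {}

    def handle_push(self, msg):
        """Apply pushed options; an unknown option only logs a warning and is
        skipped (the 2.3 behaviour described in the quoted message). Returns
        the negotiation response, or None if this client never saw the request."""
        response = None
        for opt in parse_push_reply(msg):
            key, args = opt[0], opt[1:]
            if key not in self.known_options:
                log.warning("%s: unrecognized option '%s' pushed by server, ignoring",
                            self.name, key)
                continue
            if key == "negotiate":
                # Hypothetical response: advertise what this client supports.
                response = "NEGOTIATE,ciphers=%s,mtu=%d" % (":".join(self.ciphers), self.mtu)
            else:
                self.applied[key] = args
        return response


def parse_negotiate(response):
    """Parse the hypothetical 'NEGOTIATE,ciphers=a:b,mtu=N' client response."""
    fields = dict(f.split("=", 1) for f in response.split(",")[1:])
    return fields["ciphers"].split(":"), int(fields["mtu"])


def server_decide(server_ciphers, server_mtu, response, legacy_cipher=LEGACY_DEFAULT_CIPHER):
    """Server side. No response means a 2.3-or-older client, so keep the statically
    configured legacy cipher. Otherwise take the first cipher in the server's
    preference order that the client advertised, and the smaller of the two MTUs."""
    if response is None:
        return {"client": "2.3 or older", "cipher": legacy_cipher, "mtu": server_mtu}
    client_ciphers, client_mtu = parse_negotiate(response)
    for cipher in server_ciphers:
        if cipher in client_ciphers:
            return {"client": "negotiating", "cipher": cipher, "mtu": min(server_mtu, client_mtu)}
    raise RuntimeError("no common data-channel cipher; refuse the session")


# Constructed sample push: two ordinary options plus the negotiation request.
PUSH = "PUSH_REPLY,route 10.8.0.0 255.255.255.0,ping 10,negotiate"


def run_session(client, server_ciphers=("AES-256-GCM", "AES-256-CBC"), server_mtu=1500):
    """One exchange: server pushes, client (maybe) responds, server decides."""
    return server_decide(list(server_ciphers), server_mtu, client.handle_push(PUSH))


if __name__ == "__main__":
    logging.basicConfig(level=logging.WARNING)
    old = Client("client-2.3", LEGACY_KNOWN_OPTIONS, ["BF-CBC"], 1500)
    new = Client("client-new", NEW_KNOWN_OPTIONS, ["AES-256-CBC", "AES-256-GCM"], 1400)
    print(run_session(old))  # legacy fallback, with a warning about 'negotiate'
    print(run_session(new))  # negotiated cipher and MTU
```

The point worth checking in any real design is the silent path: the old client's only trace of the request is a warning line, so the server must treat "no response within the handshake" as a positive signal to fall back, and the fallback cipher has to be one the old client is actually configured for, not a hard-coded default.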

_______________________________________________
Openvpn-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openvpn-users
