Hi Gert,
Gert Doering wrote:
Hi,
On Thu, Aug 01, 2013 at 12:02:55PM +0200, Jan Just Keijser wrote:
It should be possible to add negotiation without completely breaking
backwards compatibility; right now, when a server pushes an option to
the client that is unrecognized the client will print a warning but it
will not abort. This could be used to push a 'negotation request' - if
the client responds then a negotation phase can start , during which the
encryption key, hashing cipher, MTU settings etc can be negotiated. If
the client does not respond the server would need to assume that it's a
2.3 or older client.
Maybe I'm a bit naive, but since the data layer cipher is independent of
the TLS cipher anyway, can't we just "push cipher xxx"?
Or is push/pull crypted with the data layer cipher?
good question and one that I've asked myself as well - there seems to
be something funny going on with the data layer cipher (or auth parm) .
I remember that I tried making the cipher and auth settings pushable and
failed miserably. The flow of when and how the data cipher (and digest)
are set up seems to be complicated and may happen (partially) *before*
the options are pushed.
Perhaps someone else (JamesY?) can comment on this.
cheers,
JJK
------------------------------------------------------------------------------
Get your SQL database under version control now!
Version control is standard for application code, but databases havent
caught up. So what steps can you take to put your SQL databases under
version control? Why should you start doing it? Read more to find out.
http://pubads.g.doubleclick.net/gampad/clk?id=49501711&iu=/4140/ostg.clktrk
_______________________________________________
Openvpn-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openvpn-users
