On 05/05/14 05:05, david wrote:
>
>> -----Original Message-----
>> From: Gert Doering [mailto:g...@greenie.muc.de]
>> Sent: Monday, 5 May 2014 5:51 AM
>> To: Jonathan Tripathy
>> Cc: openvpn-users@lists.sourceforge.net
>> Subject: Re: [Openvpn-users] doubts about possible sniffing
>>
>> Of course not. The session key is negotiated between client and
>> the server as part of the TLS handshake, and is unique for each
>> client.
>
> Sure, but there is nothing "of course" about it. The server key
> might be pinned, and the client might be using a static key for its
> "unique" value.

You cannot have multiple clients connected at the same time with static
keys. To use static keys, OpenVPN must be configured as peer-to-peer,
and not peer-to-multi-peer (--client/--server).

-- 
kind regards,

David Sommerseth

_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
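
The distinction drawn in the reply above, as an added example (not part of the original message and not OpenVPN project code): a small Python check that classifies a config by key mode and flags a static `secret` key mixed with `--server`/`--client`. The function names and sample configs are constructed; it assumes the `secret`, `server`, `client`, `tls-server`, `tls-client` and `mode server` directives as documented in the OpenVPN 2.x manual.

```python
import shlex

# Directives that put OpenVPN into TLS mode (per-session negotiated keys).
TLS_NAMES = {"server", "client", "tls-server", "tls-client", "mode-server"}
# Directives that make the instance a multi-client server.
MULTI_CLIENT_NAMES = {"server", "mode-server"}

def directives(config_text):
    """Return the set of directive names used in an OpenVPN config."""
    names = set()
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":           # blank line or comment
            continue
        parts = shlex.split(line, comments=True)  # drops trailing "# ..." too
        if not parts:
            continue
        name = parts[0].lstrip("-").strip("<>")   # accept --opt and inline <secret>
        if name == "mode" and parts[1:2] == ["server"]:
            name = "mode-server"
        names.add(name)
    return names

def key_mode(config_text):
    """Classify a config as static-key p2p, TLS, or an unsupported mix."""
    names = directives(config_text)
    if "secret" in names and names & TLS_NAMES:
        return "invalid-mix"        # static key cannot serve multiple clients
    if "secret" in names:
        return "static-p2p"         # one pre-shared key, exactly two peers
    if names & MULTI_CLIENT_NAMES:
        return "tls-multi-client"   # session keys negotiated per client
    if names & TLS_NAMES:
        return "tls-peer"
    return "none"

# Constructed sample configs (hostnames, addresses and file names are made up).
STATIC_P2P = "dev tun\nremote vpn.example.net\nifconfig 10.8.0.2 10.8.0.1\nsecret static.key\n"
TLS_SERVER = "dev tun\nserver 10.8.0.0 255.255.255.0\nca ca.crt\ncert server.crt\nkey server.key\ndh dh.pem\n"
TLS_CLIENT = "client\ndev tun\nremote vpn.example.net 1194\nca ca.crt\n"
MIXED = "dev tun\nserver 10.8.0.0 255.255.255.0\nsecret static.key  # shared by all clients\n"

if __name__ == "__main__":
    for label, cfg in [("static", STATIC_P2P), ("server", TLS_SERVER),
                       ("client", TLS_CLIENT), ("mixed", MIXED)]:
        print(label, "->", key_mode(cfg))
```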