On Tue, 1 Sep 2020, Tero Kivinen wrote:
If the server configuration is changed to require AES-GCM instead of 3DES
then I think all active tickets need to be invalidated to make sure
they do not work. The easiest way is to change the ticket encrypting key.
Yes, this is why we (libreswan) add the conec
On Mon, 31 Aug 2020, Benjamin Kaduk wrote:
On Mon, 31 Aug 2020, Tero Kivinen wrote:
That should not matter, the server should not invalidate tickets even
if there are liveness failures, as if it does that every time there is
a transient network failure the resumption is useless.
I agree, but th