Yes indeed. Much appreciated James.
Matt.
Dunc wrote:
I see,
Thanks very much for clearing that up James.
Cheers,
Dunc
James Yonan wrote:
Well the problem is that even though OpenVPN doesn't rely on OpenSSL
renegotiations, it does not explicitly disable them. So to be safe,
it's better
I see,
Thanks very much for clearing that up James.
Cheers,
Dunc
James Yonan wrote:
> Well the problem is that even though OpenVPN doesn't rely on OpenSSL
> renegotiations, it does not explicitly disable them. So to be safe,
> it's better to upgrade to the fixed version of OpenSSL (0.9.8l).
Well the problem is that even though OpenVPN doesn't rely on OpenSSL
renegotiations, it does not explicitly disable them. So to be safe,
it's better to upgrade to the fixed version of OpenSSL (0.9.8l).
Also note that using tls-auth prevents the cited MITM attack
(CVE-2009-3555) even when usin
Hi James,
Thanks for getting back to me.
I was starting to wonder the same myself, but when I found this thread
http://article.gmane.org/gmane.network.openvpn.user/28105
I thought I must be missing something.
So if OpenVPN always uses a new session, what would be the point of
adding an option
OpenVPN uses a fresh SSL/TLS session for each of its mid-session
renegotiations. This means that when you see:
TLS: soft reset sec=0 bytes=314/0 pkts=6/0
OpenVPN is actually creating a brand new SSL/TLS session. So the
important point here is that OpenVPN does not rely on the session
rene
Hi all,
Apologies in advance if I'm just not understanding something here.
Following on from the recent SSL renegotiation problem, we're assessing
what we should do with all our SSL services, and as we use OpenVPN in
several places, this is on the list.
I thought that OpenVPN does renegotiations