Yes indeed. Much appreciated James.
Matt.
Dunc wrote:
> I see,
> Thanks very much for clearing that up James.
> Cheers,
> Dunc
> James Yonan wrote:
>> Well the problem is that even though OpenVPN doesn't rely on OpenSSL
>> renegotiations, it does not explicitly disable them. So to be safe,
>> it's better
I see,
Thanks very much for clearing that up James.
Cheers,
Dunc
James Yonan wrote:
> Well the problem is that even though OpenVPN doesn't rely on OpenSSL
> renegotiations, it does not explicitly disable them. So to be safe,
> it's better to upgrade to the fixed version of OpenSSL (0.9.8l).
Well the problem is that even though OpenVPN doesn't rely on OpenSSL
renegotiations, it does not explicitly disable them. So to be safe,
it's better to upgrade to the fixed version of OpenSSL (0.9.8l).
Also note that using tls-auth prevents the cited MITM attack
(CVE-2009-3555) even when usin
Hi James,
Thanks for getting back to me.
I was starting to wonder the same myself, but when I found this thread
http://article.gmane.org/gmane.network.openvpn.user/28105
I thought I must be missing something.
So if OpenVPN always uses a new session, what would be the point of
adding an option
OpenVPN uses a fresh SSL/TLS session for each of its mid-session
renegotiations. This means that when you see:
    TLS: soft reset sec=0 bytes=314/0 pkts=6/0
OpenVPN is actually creating a brand new SSL/TLS session. So the
important point here is that OpenVPN does not rely on the session
rene