On 14/03/2014 05:53, Steffan Karger wrote:
Hi,
On 03/13/2014 10:37 PM, Abdullah Alshalan wrote:
> Hi,
> I have a few questions about OpenVPN and I would appreciate if you
> can answer whatever you can.
I'll give it a try. I assume these questions relate to the 'Triple
Handshake'-attack (https:
OpenVPN doesn't want or need SSL session renegotiation or
resumption, as it handles renegotiation on its own.
For this reason, OpenVPN always disables the SSL session cache:
SSL_CTX_set_session_cache_mode (ctx, SSL_SESS_CACHE_OFF)
However, even with the above code, stateless session resumption
i
11.03.2014, 16:16, "Vladimir Kamarzin" :
> Here is corrected patch for master.
What about this patch? It was in attachment.
Hi,
On Sun, Mar 16, 2014 at 06:49:36PM -0600, James Yonan wrote:
> OpenVPN doesn't want or need SSL session renegotiation or
> resumption, as it handles renegotiation on its own.
>
> For this reason, OpenVPN always disables the SSL session cache:
>
> SSL_CTX_set_session_cache_mode (ctx, SSL_SESS
Hi,
On Mon, Mar 17, 2014 at 11:06:33AM +0600, Vladimir Kamarzin wrote:
> 11.03.2014, 16:16, "Vladimir Kamarzin" :
> > Here is corrected patch for master.
> What about this patch? It was in attachment.
Sorry, sometimes it takes a while for stuff to get reviewed. I was out
with a bad case of flu a
Hi,
> -Original Message-
> From: Gert Doering [mailto:g...@greenie.muc.de]
> Sent: maandag 17 maart 2014 9:34
> Subject: Re: [Openvpn-devel] [PATCH] Set SSL_OP_NO_TICKET flag in SSL
> context for OpenSSL builds, to disable TLS stateless session
> resumption.
>
> Hi,
>
> On Sun, Mar 16, 2
Hi,
> -Original Message-
> From: David Sommerseth [mailto:openvpn.l...@topphemmelig.net]
> Sent: maandag 17 maart 2014 11:40
> Subject: Re: [Openvpn-devel] [PATCH] Set SSL_OP_NO_TICKET flag in SSL
> context for OpenSSL builds, to disable TLS stateless session
> resumption.
>
> On 17/03/14
On 17/03/14 11:08, Steffan Karger wrote:
> Hi,
>
>> -Original Message-
>> From: Gert Doering [mailto:g...@greenie.muc.de]
>> Sent: maandag 17 maart 2014 9:34
>> Subject: Re: [Openvpn-devel] [PATCH] Set SSL_OP_NO_TICKET flag in SSL
>> context for OpenSSL builds, to disable TLS stateless ses
---
src/openvpn/options.c | 6 --
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index ef6170c..d69e28f 100644
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -5225,8 +5225,10 @@ add_option (struct options *options,
}
---
src/openvpn/options.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index d69e28f..d4c8196 100644
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -1986,6 +1986,9 @@ options_postprocess_verify_ce (const struct options
*options,
ACK. Patch has been applied to the master and release/2.3 branches.
commit 087b510365d9aad8f656a8fb0cc07d51511be9d0 (master)
commit 74d53c9bf986d835e1862aa3989fac186b5d76f3 (release/2.3)
Author: Arne Schwabe
List-Post: openvpn-devel@lists.sourceforge.net
Date: Mon Mar 17 13:56:53 2014 +0100
ACK. Patch has been applied to the master branch (no reason to apply to 2.3
as it fixes a change introduced in master only).
commit 4affd9c98636e6c83aad4f0e7859a29f66898b72 (master)
Author: Arne Schwabe
List-Post: openvpn-devel@lists.sourceforge.net
Date: Mon Mar 17 13:45:45 2014 +0100
Fi
Your patch has been applied to the master and release/2.3 branches.
commit 25f4d4b49bff342fd9dd54cd22f14c9de49e9f8b (master)
commit 058e889d186c616c648802da2eadf0380086bd6e (release/2.3)
Author: James Yonan
List-Post: openvpn-devel@lists.sourceforge.net
Date: Sun Mar 16 18:49:36 2014 -0600
Hi,
On Sun, Mar 16, 2014 at 06:49:36PM -0600, James Yonan wrote:
> However, even with the above code, stateless session resumption
> is still possible unless explicitly disabled with the
> SSL_OP_NO_TICKET flag. This patch does this.
This actually raises an interesting question. My OpenSolaris
On 17/03/2014 14:29, Gert Doering wrote:
Hi,
On Sun, Mar 16, 2014 at 06:49:36PM -0600, James Yonan wrote:
However, even with the above code, stateless session resumption
is still possible unless explicitly disabled with the
SSL_OP_NO_TICKET flag. This patch does this.
This actually raises an