Hi all,
It's my first contribution, so I could make some mistakes ;)
In the attached patch I added ECDH support to openvpn with openssl.
Elliptic curve generation is, in contrast to Diffie-Hellman, very fast,
so I do it on every server initialization.
Piotr Jarosz
diff --git a/src/openvpn/op
Hi,
Could you describe in a bit more detail what your patch does? I don't
really understand the openssl innards well enough, but am curious.
*If* I understand it correctly, what it does is provide keying material
(ECDH) to support EC for the TLS handshake, right? And there isn't actually
anyt
Hi again,
I forgot about freeing the key after init.
I added a line with it to my patch.
Piotr Jarosz
diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index 9e21d5a..c8581e3 100644
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -578,6 +578,7 @@ static const char usage_message[
On 02/18/14 12:50, Gert Doering wrote:
Hi,
On Tue, Feb 18, 2014 at 12:15:16PM +0100, pietrek -- wrote:
Which parts of the key handshake does it cover? Signature/Certificates,
or *only* DH?
Handshake only, EC certificates worked for me without doing anything.
Also, DH didn't work wi
14 14:21, pietrek -- wrote:
On 02/18/14 12:50, Gert Doering wrote:
Hi,
On Tue, Feb 18, 2014 at 12:15:16PM +0100, pietrek -- wrote:
Which parts of the key handshake does it cover?
Signature/Certificates,
or *only* DH?
Handshake only, EC certificates worked for me without doing anything.
Als
code option --show-curves, manual entries and EC
curve autodetection.
Piotr Jarosz
On 02/23/14 09:36, Steffan Karger wrote:
Hi Piotr,
On 23-02-14 00:18, pietrek -- wrote:
I added such a comment to the readme.
First of all, thank you for writing the patch and responding to
questions on the mailing
n the best curve won't
improve security against such an attack.
The server should not fail if the user doesn't specify DH or ECDH - it could just
fall back to ECDH.
Piotr Jarosz
On 02/25/14 01:39, Steffan Karger wrote:
Hi Piotr,
On 24-02-14 01:28, pietrek -- wrote:
Hi Steffan,
I modified
effan Karger wrote:
Hi,
On 26-02-14 21:04, pietrek -- wrote:
I tested what would happen if any key exchange protocol will be specified.
It works as I expected: connection failed with error: 'no such cipher'.
So session cannot work without ECDH and DH.
Also, if OpenSSL would accept it,