On Thu, 2012-06-28 at 07:45 +0000, Ghennadi Procopciuc wrote:
> We observed that the current implementation contains a client that can
> communicate with a DTLS1_BAD_VER server but does not contain the server that
> can communicate with a DTLS1_BAD_VER client, so we wrote a patch that enables
> OpenSSL to negotiate DTLS1_BAD_VER with itself.
...
> Is there interest in this patch?

Note that DTLS_BAD_VER is the specific pre-standardisation version of DTLS that Cisco used for their AnyConnect VPN. Other than simply being able to test OpenSSL against itself, the only reason I can think of for wanting this would be to make an AnyConnect-compatible server.

As it happens, I *have* a trivial AnyConnect-compatible server that I use for testing the OpenConnect client, and adding DTLS support to it would be quite useful. It'd also be nice if someone were to expand it and turn it into a real VPN server (with RADIUS support, etc.) rather than a test hack.

So yes, I have a *vague* interest in your patch, although I wasn't intending to work on the server side myself in the near future. Ken (in Cc) may be interested though...

--
dwmw2
