Hi,

On Sun, Mar 16, 2014 at 06:49:36PM -0600, James Yonan wrote:
> OpenVPN doesn't want or need SSL session renegotiation or
> resumption, as it handles renegotiation on its own.
>
> For this reason, OpenVPN always disables the SSL session cache:
>
>   SSL_CTX_set_session_cache_mode (ctx, SSL_SESS_CACHE_OFF)
>
> However, even with the above code, stateless session resumption
> is still possible unless explicitly disabled with the
> SSL_OP_NO_TICKET flag.  This patch does this.

I assume this should go into all OpenVPN branches, that is, master, 2.3,
and if we ever do another 2.2, into that one as well?

(not ACKing or NAKing the patch itself, this is not my field of expertise)

gert
-- 
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany
g...@greenie.muc.de
fax: +49-89-35655025
g...@net.informatik.tu-muenchen.de