On 05/04/17 23:43, Илья Шипицин wrote:
> hello!
>
> just curious how renegotiation is handled in "https" ?
> is it "an abbreviated ssl handshake" (RFC 2246) or ... ?

The HTTPS and OpenVPN protocols are not comparable in this regard at all. AFAIR, OpenVPN does not make use of the TLS renegotiation possibility at all. So a renegotiation in OpenVPN actually results in a completely new and fresh TLS session, not related to previous TLS sessions at all.

--
kind regards,

David Sommerseth
OpenVPN Technologies, Inc

> 2017-04-06 2:39 GMT+05:00 David Sommerseth <open...@sf.lists.topphemmelig.net>:
>
> On 05/04/17 23:13, debbie10t wrote:
> > I don't believe there is any need to specify "max" because that would be
> > --reneg-sec as is. Otherwise specify a smaller or larger --reneg-sec
>
> I think you, probably without being aware of it, are agreeing to what
> the current proposal is:
>
> --reneg-sec max
>     A renegotiation happens within 'max' seconds, but with a 10%-ish
>     randomness
>
> --reneg-sec min max
>     A renegotiation happens within 'min' and 'max' seconds, fully
>     controllable
>
> So using --reneg-sec 3600 3600, effectively removes the randomness.
>
> --
> kind regards,
>
> David Sommerseth
> OpenVPN Technologies, Inc