Is it possible to use TLS mode without having to maintain a CA? The system I'm working with is automated and distributed and coding the signing of keys means the CA would have to be online at all times. Something I'd rather not code to protect.
So, again, can static keys be updated without service interruption?

On Tue, Sep 1, 2015 at 10:37 AM, Steffan Karger <stef...@karger.me> wrote:
>
> On 1 Sep 2015 07:33, "Ryan Whelan" <rcwhe...@gmail.com> wrote:
>>
>> Is there a way to rekey a static key connection without interrupting
>> traffic?
>>
>> If I can generate and securely distribute new static keys (out of
>> band) on regular intervals, is there a way to make openvpn start using
>> the new keys without dropping traffic?
>
> Yes, just use TLS mode. That is exactly what it was created for.
>
> -Steffan