--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -8553,6 +8553,10 @@ add_option(struct options *options,
{
options->imported_protocol_flags |=
CO_USE_TLS_KEY_MATERIAL_EXPORT; }
+else if (streq(p[j], "secure-renog"))
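Review bot: the keyword "secure-renog" in the new else-if branch is an abbreviation that a reader cannot map to the feature without the commit message, which calls it dynamic tls-crypt. Because the string is compared against p[j] in the same chain that sets options->imported_protocol_flags, it becomes part of the accepted option syntax and is hard to rename once peers depend on it. Consider a spelled-out keyword that matches the feature name, and a short comment on the branch naming the flag it sets.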
Should be rewritten
On Friday, 9 September 2022 21:59:02 CEST Arne Schwabe wrote:
> --- a/src/openvpn/multi.c
> +++ b/src/openvpn/multi.c
> @@ -1803,6 +1803,10 @@ multi_client_set_protocol_options(struct context *c)
> {
> o->imported_protocol_flags |= CO_USE_TLS_KEY_MATERIAL_EXPORT;
> }
> +if
Currently we have only one slot for renegotiation of the session/keys.
If a replayed/faked packet is inserted by a malicious attacker, the
legitimate peer cannot renegotiate anymore.
This commit introduces dynamic tls-crypt. When both peers support this
feature, both peers create a dynamic tls-crypt