Re: [Openvpn-devel] [PATCH 3/3] Introduce dynamic tls-crypt for secure soft_reset/session renegotiation

2022-10-18 Thread Arne Schwabe
--- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -8553,6 +8553,10 @@ add_option(struct options *options, { options->imported_protocol_flags |= CO_USE_TLS_KEY_MATERIAL_EXPORT; } +else if (streq(p[j], "secure-renog")) Should be rewritten
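Review bot: the option token in the added `else if (streq(p[j], "secure-renog"))` branch reads like a misspelling of "reneg", given that the subject line names the feature as secure renegotiation. Because the string is compared literally with streq(), whichever spelling is kept has to match exactly wherever the token is emitted or parsed, so consider settling on one documented spelling (for example "secure-reneg") before it becomes part of the protocol flags.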

Re: [Openvpn-devel] [PATCH 3/3] Introduce dynamic tls-crypt for secure soft_reset/session renegotiation

2022-10-17 Thread Heiko Hund
On Friday, 9 September 2022 21:59:02 CEST Arne Schwabe wrote: > --- a/src/openvpn/multi.c > +++ b/src/openvpn/multi.c > @@ -1803,6 +1803,10 @@ multi_client_set_protocol_options(struct context *c) > { > o->imported_protocol_flags |= CO_USE_TLS_KEY_MATERIAL_EXPORT; > } > +if

[Openvpn-devel] [PATCH 3/3] Introduce dynamic tls-crypt for secure soft_reset/session renegotiation

2022-09-09 Thread Arne Schwabe
Currently we have only one slot for renegotiation of the session/keys. If a replayed/faked packet is inserted by a malicious attacker, the legitimate peer cannot renegotiate anymore. This commit introduces dynamic tls-crypt. When both peers support this feature, both peers create a dynamic tls-crypt