Hi,
thanks for writing the patch.
I'd like to propose to add a comment to the readme regarding the use of
ECDH instead of DH without using an EC certificate, because that
currently is not mentioned in it.
Thanks,
M. Braun
Am 19.02.2014 14:21, schrieb pietrek --:
> On 02/18/14 12:50, Gert
On 02/18/14 12:50, Gert Doering wrote:
Hi,
On Tue, Feb 18, 2014 at 12:15:16PM +0100, pietrek -- wrote:
Which parts of the key handshake does it cover? Signature/Certificates,
or *only* DH?
Handshake only, EC certificates worked for me without doing anything.
Also, DH didn't work with EC
Hi again,
I forget about freeing key after init.
I added a line with it to my patch.
Piotr Jarosz
diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index 9e21d5a..c8581e3 100644
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -578,6 +578,7 @@ static const char
Hi,
Could you describe in a bit more detail what your patch does? I don't
really understand the openssl innards well enough, but am curious.
*If* I understand it correctly, what it does is provide keying material
(ECDH) to support EC for the TLS handshake, right? And there isn't actually
Hi Piotr,
On 18-02-14 01:35, pietrek -- wrote:
> It's my first contribution, so I could make some mistakes ;)
Thank you!
> In attached patch I added ECDH support to openvpn with openssl.
> Eliptic Curves generation is, in contrast to Diffie-Hellman very fast,
> so I do it on every server
Hiya,
On Tue, Feb 18, 2014 at 01:35:40AM +0100, pietrek -- wrote:
> It's my first contribution, so I could make some mistakes ;)
> In attached patch I added ECDH support to openvpn with openssl.
> Eliptic Curves generation is, in contrast to Diffie-Hellman very fast,
> so I do it on every server
Hi all,
It's my first contribution, so I could make some mistakes ;)
In attached patch I added ECDH support to openvpn with openssl.
Eliptic Curves generation is, in contrast to Diffie-Hellman very fast,
so I do it on every server initialization.
Piotr Jarosz
diff --git