Re: [Openvpn-devel] OpenVPN Versioning

2013-06-19 Thread James Yonan
On 18/06/2013 01:41, Joachim Schipper wrote: From: James Yonan: On 14/06/2013 02:47, Joachim Schipper wrote: From James Yonan: TLS Protocol Since day 1, OpenVPN has used TLS 1.0 as a control channel and key exchange mechanism. But now we

Re: [Openvpn-devel] OpenVPN Versioning

2013-06-19 Thread James Yonan
On 17/06/2013 01:58, Steffan Karger wrote: On 06/14/2013 09:53 PM, James Yonan wrote: To get the adaptive versioning behavior in OpenSSL, you have to use SSLv23_server_method() or SSLv23_client_method() and then explicitly disable the versions you don't want to consider, i.e. SSL_OP_NO_SSLv2,

Re: [Openvpn-devel] OpenVPN Versioning

2013-06-18 Thread Joachim Schipper
From: James Yonan:
> On 14/06/2013 02:47, Joachim Schipper wrote:
> >> From James Yonan:
> >> TLS Protocol
> >>
> >> Since day 1, OpenVPN has used TLS 1.0 as a control channel and key
> >> exchange mechanism. But now we have TLS 1.1 and

Re: [Openvpn-devel] OpenVPN Versioning

2013-06-17 Thread Steffan Karger
On 06/14/2013 09:53 PM, James Yonan wrote:
> To get the adaptive versioning behavior in OpenSSL, you have to use
> SSLv23_server_method() or SSLv23_client_method() and then explicitly
> disable the versions you don't want to consider, i.e. SSL_OP_NO_SSLv2,
> SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1,

Re: [Openvpn-devel] OpenVPN Versioning

2013-06-14 Thread Joachim Schipper
From James Yonan:
> TLS Protocol
>
> Since day 1, OpenVPN has used TLS 1.0 as a control channel and key
> exchange mechanism. But now we have TLS 1.1 and 1.2, each of which
> addresses significant shortcomings in its predecessor. Fortunately,
> SSL/TLS already

Re: [Openvpn-devel] OpenVPN Versioning

2013-06-12 Thread James Yonan
On 12/06/2013 15:08, Arne Schwabe wrote: On 12.06.13 21:38, James Yonan wrote: About finding out which cipher client and server use. I am not really familiar with this code so forgive my stupid question. TLS somehow also does this "select the best cipher to use" dance. Why can't we use the