On 17/03/2014 14:29, Gert Doering wrote:
Hi,
On Sun, Mar 16, 2014 at 06:49:36PM -0600, James Yonan wrote:
However, even with the above code, stateless session resumption
is still possible unless explicitly disabled with the
SSL_OP_NO_TICKET flag. This patch does this.
This actually raises an
Hi,
On Sun, Mar 16, 2014 at 06:49:36PM -0600, James Yonan wrote:
> However, even with the above code, stateless session resumption
> is still possible unless explicitly disabled with the
> SSL_OP_NO_TICKET flag. This patch does this.
This actually raises an interesting question. My OpenSolaris
Your patch has been applied to the master and release/2.3 branches.
commit 25f4d4b49bff342fd9dd54cd22f14c9de49e9f8b (master)
commit 058e889d186c616c648802da2eadf0380086bd6e (release/2.3)
Author: James Yonan
List-Post: openvpn-devel@lists.sourceforge.net
Date: Sun Mar 16 18:49:36 2014 -0600
ACK. Patch has been applied to the master branch (no reason to apply to 2.3
as it fixes a change introduced in master only).
commit 4affd9c98636e6c83aad4f0e7859a29f66898b72 (master)
Author: Arne Schwabe
List-Post: openvpn-devel@lists.sourceforge.net
Date: Mon Mar 17 13:45:45 2014 +0100
Fi
ACK. Patch has been applied to the master and release/2.3 branches.
commit 087b510365d9aad8f656a8fb0cc07d51511be9d0 (master)
commit 74d53c9bf986d835e1862aa3989fac186b5d76f3 (release/2.3)
Author: Arne Schwabe
List-Post: openvpn-devel@lists.sourceforge.net
Date: Mon Mar 17 13:56:53 2014 +0100
---
src/openvpn/options.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index d69e28f..d4c8196 100644
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -1986,6 +1986,9 @@ options_postprocess_verify_ce (const struct options
*options,
---
src/openvpn/options.c | 6 --
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index ef6170c..d69e28f 100644
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -5225,8 +5225,10 @@ add_option (struct options *options,
}
On 17/03/14 11:08, Steffan Karger wrote:
> Hi,
>
>> -Original Message-
>> From: Gert Doering [mailto:g...@greenie.muc.de]
>> Sent: maandag 17 maart 2014 9:34
>> Subject: Re: [Openvpn-devel] [PATCH] Set SSL_OP_NO_TICKET flag in SSL
>> context for OpenSSL builds, to disable TLS stateless ses
Hi,
> -Original Message-
> From: David Sommerseth [mailto:openvpn.l...@topphemmelig.net]
> Sent: maandag 17 maart 2014 11:40
> Subject: Re: [Openvpn-devel] [PATCH] Set SSL_OP_NO_TICKET flag in SSL
> context for OpenSSL builds, to disable TLS stateless session
> resumption.
>
> On 17/03/14
Hi,
> -Original Message-
> From: Gert Doering [mailto:g...@greenie.muc.de]
> Sent: maandag 17 maart 2014 9:34
> Subject: Re: [Openvpn-devel] [PATCH] Set SSL_OP_NO_TICKET flag in SSL
> context for OpenSSL builds, to disable TLS stateless session
> resumption.
>
> Hi,
>
> On Sun, Mar 16, 2
Hi,
On Mon, Mar 17, 2014 at 11:06:33AM +0600, Vladimir Kamarzin wrote:
> 11.03.2014, 16:16, "Vladimir Kamarzin" :
> > Here is corrected patch for master.
> What about this patch? It was in attachment.
Sorry, sometimes it takes a while for stuff to get reviewed. I was out
with a bad case of flu a
Hi,
On Sun, Mar 16, 2014 at 06:49:36PM -0600, James Yonan wrote:
> OpenVPN doesn't want or need SSL session renegotiation or
> resumption, as it handles renegotiation on its own.
>
> For this reason, OpenVPN always disables the SSL session cache:
>
> SSL_CTX_set_session_cache_mode (ctx, SSL_SESS
11.03.2014, 16:16, "Vladimir Kamarzin" :
> Here is corrected patch for master.
What about this patch? It was in attachment.
OpenVPN doesn't want or need SSL session renegotiation or
resumption, as it handles renegotiation on its own.
For this reason, OpenVPN always disables the SSL session cache:
SSL_CTX_set_session_cache_mode (ctx, SSL_SESS_CACHE_OFF)
However, even with the above code, stateless session resumption
i
On 14/03/2014 05:53, Steffan Karger wrote:
Hi,
On 03/13/2014 10:37 PM, Abdullah Alshalan wrote:
> Hi,
> I have a few questions about OpenVPN and I would appreciate if you
can answer whatever you can.
I'll give it a try. I assume these questions relate to the 'Triple
Handshake'-attack (https:
15 matches
Mail list logo