Hi Anthony, > ? for the CRL cases below, does the host need to "drop the connection" for > the CRL updates
The new CRL will currently only have an effect on new connections. So if the certificate of a peer who currently is connected is revoked, this will not have an effect until that peer re-authenticates (i.e. until it creates a new IKE_SA). Regards, Tobias
