Thanks -----Original Message----- From: Tobias Brunner <[email protected]> Sent: Thursday, May 09, 2019 8:32 AM To: Modster, Anthony <[email protected]>; [email protected] Cc: Amare, Mesfin <[email protected]> Subject: Re: [strongSwan] charon and CRL loading
---External Email--- Hi Anthony, > ? for the CRL cases below, does the host need to "drop the connection" > for the CRL updates The new CRL will currently only have an effect on new connections. So if the certificate of a peer who currently is connected is revoked, this will not have an effect until that peer re-authenticates (i.e. until it creates a new IKE_SA). Regards, Tobias
