[PULL request] distinguish between different rekey methods
David Woodhouse
dwmw2 at infradead.org
Tue Feb 11 11:39:07 EST 2014
On Tue, 2014-02-11 at 16:35 +0100, Nikos Mavrogiannopoulos wrote:
>
> I think that the "ssl" rekey option of anyconnect suits better the
> design of ocserv, as it allows for seamless rekey of both channels
> (without breaking the connection). However, openconnect always assumes
> the new-tunnel rekey method, and with this patch it is made aware of
> the different options (and currently simply ignore the ones that are
> unsupported).
Do we actually know how the 'ssl' rekey method works for DTLS and CSTP
with a Cisco server?
Previously, if the server asked for them, we'd fall back to tearing down
the connection and making a new one (the 'new-tunnel' method). Now we do
nothing... isn't that going to cause a problem?
--
dwmw2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5745 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20140211/353f6725/attachment.bin>
More information about the openconnect-devel
mailing list