[GIT PULL] DTLS and other improvements to openconnect

David Woodhouse dwmw2 at infradead.org
Mon Feb 3 08:41:10 EST 2014


On Sun, 2014-02-02 at 12:10 +0100, Nikos Mavrogiannopoulos wrote:
> I've rewritten the patches for DTLS and other improvements to
> openconnect.
> 
> They are now rebased on the current master, and allow elliptic curves
> with gnutls 3.2.9 or later where the issue with the F5 firewall
> is addressed using the %COMPAT keyword (I've also added some text
> discussing the issue).
> 
> Still the most important addition is the support for AES-GCM, which is
> not only better than AES-CBC due to side-channels, but is also more
> UDP-friendly as it requires no padding and has a shorter nonce.
> 
> They are available from:
> git://gitorious.org/openconnect-x/openconnect-x.git privacy-improvements

Please add the --pfs option to the man page too. And shouldn't it affect
the DTLS setup too? It probably also wants an openconnect_set_pfs()
function in the library, since we now support actually making
connections from the library too?

-- 
dwmw2