[GIT PULL V2] Fixes for rekeying, Android builds, etc.
David Woodhouse
dwmw2 at infradead.org
Tue Feb 18 06:05:05 EST 2014
On Tue, 2014-02-18 at 09:09 +0100, Nikos Mavrogiannopoulos wrote:
> I've updated that. I've tried to fix the open issues, and make it a bit more
> resistant to failures (if DTLS rehandshake it will now reconnect).
Hm, remember we don't really do a DTLS handshake at all; we bypass it
with a preset master key and session-id, and just do a session resume.
Does a re-"handshake" really do anything to change the underlying random
numbers and improve security? I know, I *implemented* this session
resume in GnuTLS. But I forget the details. Quite deliberately so :)
Also, should the CSTP rehandshake method be predicated on secure
renegotiation being available?
--
dwmw2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5745 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20140218/e2432d1b/attachment.bin>
More information about the openconnect-devel
mailing list