small fixes
Nikos Mavrogiannopoulos
n.mavrogiannopoulos at gmail.com
Mon Oct 27 05:27:17 PDT 2014
On Mon, Oct 27, 2014 at 11:53 AM, David Woodhouse <dwmw2 at infradead.org> wrote:
> It *was* intentional, I believe. There were firewalls which appeared to
> be rejecting our ClientHello if we tried *any* extensions, and Cisco
> showed no sign of actually supporting safe renegotiation anyway. At the
> time of commit 91867b12 I think I may even have remembered where one of
> them was and been able to test! :)
> The situation has changed since then, though. AIUI we think we have a
> handle on the offending firewalls and can use extensions *anyway* with
> appropriate padding to avoid 'bad' packet sizes, and ∃ ocserv which
> *can* do safe renegotiation.
> So perhaps we can enable it again. But is there any reason for doing
> renegotiation in the CSTP protocol, whether safe or otherwise?
Renegotiation prevents tearing the connection down and setting up
again. That is no downtime, except for a small delay during
renegotiation.
regards,
Nikos
More information about the openconnect-devel
mailing list