On Sat, Nov 11, 2017 at 02:47:58PM +0100, Steffan Karger wrote:
> --- a/src/openvpn/init.c
> +++ b/src/openvpn/init.c
> @@ -2693,7 +2693,20 @@ do_init_crypto_tls(struct context *c, const unsigned
> int flags)
> to.packet_timeout = options->tls_timeout;
> to.renegotiate_bytes = options->renegotiate_bytes;
> to.renegotiate_packets = options->renegotiate_packets;
> - to.renegotiate_seconds = options->renegotiate_seconds;
> + if (options->renegotiate_seconds_min < 0)
> + {
> + /* Add 10% jitter to the reneg-sec of each connection by default */
Maybe change that to "of each server connection".
> + int auto_jitter = options->mode != MODE_SERVER ? 0 :
> + get_random() % max_int(options->renegotiate_seconds / 10, 1);
> + to.renegotiate_seconds = options->renegotiate_seconds - auto_jitter;
> + }
> + else
> + {
> + /* Add user-specific jitter to the renge-sec of each connection */
s/renge/reneg/
> + to.renegotiate_seconds = options->renegotiate_seconds -
> + (get_random() % max_int(options->renegotiate_seconds
> + - options->renegotiate_seconds_min,
> 1));
> + }
> to.single_session = options->single_session;
> to.mode = options->mode;
> to.pull = options->pull;
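Review bot: In the `else` branch, a `renegotiate_seconds_min` equal to or larger than `renegotiate_seconds` is clamped by `max_int(..., 1)` to a range of 1, so the connection silently gets no jitter. Whether option parsing rejects such a pair is not visible here, so either check it there or say so in the comment. Both branches also rely on `get_random()` never returning a negative value, because a negative remainder would push the interval past reneg-sec and keep a key in use longer than configured; confirm that against its definition. I would also record the intent above the `if`: `/* Jitter is only ever subtracted, so keys are never used longer than reneg-sec; max_int(.., 1) avoids a modulo by zero and leaves a reneg-sec of 0 at 0. */`. The body of do_init_crypto_tls starts and ends outside this hunk.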
Regards
Simon
--
+ privacy is necessary
+ using gnupg http://gnupg.org
+ public key id: 0x92FEFDB7E44C32F9
