Re: [Openvpn-devel] [PATCH] Support fingerprint authentication

2018-05-25 Thread Antonio Quartulli
On 25/05/18 09:41, Simon Rozman wrote: > Hi, > >>> Private and public key are still used. The patch still uses >>> certificates and TLS, it only replaces the check certificate of the >>> peer's certificate against the CA with a hash check (certificate >>> pinning if you want). >>> >>> So basicall

Re: [Openvpn-devel] [openvpn-devel] Use --ec-curve

2018-05-25 Thread tincanteksup
Hi David, Oops .. yes I meant --ecdh-curve and yes, I searched the manual for --ec-curve so no surprise I did not find it .. Anyway, there is a complete paste including configs here: https://paste.fedoraproject.org/paste/tIyiqTzjcPqZWWLjqEZtVw If you prefer I can record this on trac. Thanks O

Re: [Openvpn-devel] [PATCH] Support fingerprint authentication

2018-05-25 Thread Jan Just Keijser
Hi, On 25/05/18 03:41, Simon Rozman wrote: Private and public key are still used. The patch still uses certificates and TLS, it only replaces the check certificate of the peer's certificate against the CA with a hash check (certificate pinning if you want). So basically instead of saying that yo

Re: [Openvpn-devel] [PATCH: tap-windows6] Fix missing PRODUCT_PUBLISHER field in installer

2018-05-25 Thread Gert Doering
Hi, On Fri, Apr 27, 2018 at 08:26:40PM +, Jon Kunkee via Openvpn-devel wrote: > While working on ARM64 tap-windows6, I came up with this quick fix for a > minor issue recently reported via IRC. > > This is also a Github PR: > https://github.com/OpenVPN/tap-windows6/pull/51 > > (The ARM64 wo

Re: [Openvpn-devel] [PATCH] Support fingerprint authentication

2018-05-25 Thread Selva Nair
Hi, On Fri, May 25, 2018 at 9:51 AM, Jan Just Keijser wrote: > Hi, > > On 25/05/18 03:41, Simon Rozman wrote: Private and public key are still used. The patch still uses certificates and TLS, it only replaces the check certificate of the peer's certificate against the CA with a

Re: [Openvpn-devel] [PATCH] Support fingerprint authentication

2018-05-25 Thread Jan Just Keijser
Hi Selva, On 25/05/18 16:07, Selva Nair wrote: On Fri, May 25, 2018 at 9:51 AM, Jan Just Keijser wrote: On 25/05/18 03:41, Simon Rozman wrote: Private and public key are still used. The patch still uses certificates and TLS, it only replaces the check certificate of the peer's certificate agai

Re: [Openvpn-devel] [PATCH] Support fingerprint authentication

2018-05-25 Thread Simon Rozman
Hi, > > JJK, I think you are misreading this proposal. No hash is being sent > > as a part of the handshake -- it's still client and server > > certificates that are exchanged and checked during handshake. The hash > > is exchanged by a separate channel (say snail mail:) in advance, and > > serves

Re: [Openvpn-devel] [PATCH] Support fingerprint authentication

2018-05-25 Thread Simon Rozman
Hi, > What does this accomplish you can’t just basically do with --client-cert-not-required? I am using --client-cert-not-required already. :) But that simplifies only the client half of the equation. TLS server will always need a certificate. And client will always need to verify it to prev

Re: [Openvpn-devel] [PATCH] Support fingerprint authentication

2018-05-25 Thread Eric Crist
What does this accomplish you can’t just basically do with --client-cert-not-required? Eric Crist > On May 25, 2018, at 3:56 PM, Simon Rozman wrote: > > Hi, > >>> JJK, I think you are misreading this proposal. No hash is being sent >>> as a part of the handshake -- it's still client and server