Re: [Openvpn-devel] [Patch] ECDH support

2014-03-04 Thread pietrek --
effan Karger wrote: Hi, On 26-02-14 21:04, pietrek -- wrote: I tested what would happen if any key exchange protocol will be specified. It works as I expected: connection failed with error: 'no such cipher'. So session cannot work without ECDH and DH. Also, if OpenSSL would accept it,

Re: [Openvpn-devel] [Patch] ECDH support

2014-02-26 Thread pietrek --
n the best curve won't improve security against such attack. Server should not fail if user won't specify DH nor ECDH - it just could fall back into ECDH. Piotr Jarosz On 02/25/14 01:39, Steffan Karger wrote: Hi Piotr, On 24-02-14 01:28, pietrek -- wrote: Hi Steffan, I modified

Re: [Openvpn-devel] [Patch] ECDH support

2014-02-24 Thread pietrek --
code option --show-curves, manual entries and EC curve autodetection. Piotr Jarosz On 02/23/14 09:36, Steffan Karger wrote: Hi Piotr, On 23-02-14 00:18, pietrek -- wrote: I added such a comment to the readme. First of all, thank you for writing the patch and responding to questions on the mailing

Re: [Openvpn-devel] [Patch] ECDH support

2014-02-22 Thread pietrek --
14 14:21, schrieb pietrek --: On 02/18/14 12:50, Gert Doering wrote: Hi, On Tue, Feb 18, 2014 at 12:15:16PM +0100, pietrek -- wrote: Which parts of the key handshake does it cover? Signature/Certificates, or *only* DH? Handshake only, EC certificates worked for me without doing anything. Als

Re: [Openvpn-devel] ECDH support

2014-02-19 Thread pietrek --
On 02/18/14 12:50, Gert Doering wrote: Hi, On Tue, Feb 18, 2014 at 12:15:16PM +0100, pietrek -- wrote: Which parts of the key handshake does it cover? Signature/Certificates, or *only* DH? Handshake only, EC certificates worked for me without doing anything. Also, DH didn't work wi

Re: [Openvpn-devel] ECDH support

2014-02-18 Thread pietrek --
On 02/18/14 12:50, Gert Doering wrote: Hi, On Tue, Feb 18, 2014 at 12:15:16PM +0100, pietrek -- wrote: Which parts of the key handshake does it cover? Signature/Certificates, or *only* DH? Handshake only, EC certificates worked for me without doing anything. Also, DH didn't work wi

Re: [Openvpn-devel] ECDH support

2014-02-18 Thread pietrek --
Hi again, I forgot about freeing the key after init. I added a line with it to my patch. Piotr Jarosz diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 9e21d5a..c8581e3 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -578,6 +578,7 @@ static const char usage_message[

Re: [Openvpn-devel] ECDH support

2014-02-18 Thread pietrek --
Hi, Could you describe in a bit more detail what your patch does? I don't really understand the openssl innards well enough, but am curious. *If* I understand it correctly, what it does is provide keying material (ECDH) to support EC for the TLS handshake, right? And there isn't actually anyt

[Openvpn-devel] ECDH support

2014-02-18 Thread pietrek --
Hi all, It's my first contribution, so I could make some mistakes ;) In the attached patch I added ECDH support to openvpn with openssl. Elliptic curve generation is, in contrast to Diffie-Hellman, very fast, so I do it on every server initialization. Piotr Jarosz diff --git a/src/openvpn/op