[Ach] OpenVPN and ACH
azet at azet.org
Sun Feb 22 15:18:24 CET 2015
Again it seems as though upstream defaults are actually safer than the
configuration we've shipped for more than a year in our document. I did
not know that OpenVPN these days does duplexing of the encrypted traffic
into a TLS control channel and a data channel that uses
encrypt-then-mac; I also cannot recall any discussion on this list or
meetings w.r.t. to OpenVPN protocol internals.
I'm OK with putting OpenVPN back in the document given that we honor
upstream defaults and simply set our cipherstring for the TLS control
Any comments? Anybody willing to adapt this section -- I won't do a
revert because the old section was clearly erroneous.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 801 bytes
Desc: OpenPGP digital signature
More information about the Ach