[Ach] OpenVPN and ACH

Aaron Zauner azet at azet.org
Sun Feb 22 15:18:24 CET 2015


Hi,

See:
https://github.com/BetterCrypto/Applied-Crypto-Hardening/pull/91#issuecomment-75388575

Again it seems as though upstream defaults are actually safer than the
configuration we've shipped for more than a year in our document. I did
not know that OpenVPN these days does duplexing of the encrypted traffic
into a TLS control channel and a data channel that uses
encrypt-then-mac; I also cannot recall any discussion on this list or
meetings w.r.t. OpenVPN protocol internals.

I'm OK with putting OpenVPN back in the document given that we honor
upstream defaults and simply set our cipherstring for the TLS control
channel.

Any comments? Anybody willing to adapt this section -- I won't do a
revert because the old section was clearly erroneous.

Aaron
