On Sun, 2014-02-02 at 12:10 +0100, Nikos Mavrogiannopoulos wrote:
> I've rewritten the patches for DTLS and other improvements to
> openconnect.
>
> They are now rebased on the current master, and allow elliptic curves
> with gnutls 3.2.9 or later where the issue with the F5 firewall
> is addressed using the %COMPAT keyword (I've also added some text
> discussing the issue).
>
> Still the most important addition is the support for AES-GCM, which is
> not only better than AES-CBC due to side-channels, but is also more
> UDP-friendly as it requires no padding and has a shorter nonce.
>
> They are available from:
> git://gitorious.org/openconnect-x/openconnect-x.git privacy-improvements

Please add the --pfs option to the man page too. And shouldn't it affect
the DTLS setup too?

It probably also wants an openconnect_set_pfs() function in the library,
since we now support actually making connections from the library too?

--
dwmw2