On Tue, 2014-02-11 at 16:35 +0100, Nikos Mavrogiannopoulos wrote: > > I think that the "ssl" rekey option of anyconnect suits better the > design of ocserv, as it allows for seamless rekey of both channels > (without breaking the connection). However, openconnect always assumes > the new-tunnel rekey method, and with this patch it is made aware of > the different options (and currently simply ignore the ones that are > unsupported). Do we actually know how the 'ssl' rekey method works for DTLS and CSTP with a Cisco server? Previously, if the server asked for them, we'd fall back to tearing down the connection and making a new one (the 'new-tunnel' method). Now we do nothing... isn't that going to cause a problem? -- dwmw2 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 5745 bytes Desc: not available URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20140211/353f6725/attachment.bin>
