On Fri, Feb 14, 2014 at 12:05 PM, Nikos Mavrogiannopoulos <nmav at gnutls.org> wrote:
> And I don't think that this complexity is needed. I suppose that an
> AnyConnect server sends "X-DTLS-Rekey: new-tunnel" or does not send this
> header at all? In that case this commit would do the proper thing on
> anyconnect and ocserv.

In my testing I did not see an "X-DTLS-Rekey-Method:" header. The three headers listed in my post were the only ones containing "rekey" (case insensitive). At some point I'll try a newer ASA firmware and see if anything has changed.