On Mon, 2018-01-08 at 08:51 -0800, Daniel Lenski wrote:
> Perhaps the correct solution here is to turn replay protection on as a
> warning but not a fatal error, as you suggest.

I've done that, which keeps things relatively simple and also means
that we base 'old_esp_maxseq' on the received packet with the highest
seqno, not just the most recently received packet.

I added a changelog entry while I was at it :)