Does anyone (Jim) know the method used to handle periodic rekeying in OpenVPN? Particularly, I would like to know if the pre_master_secret and master_secret are regenerated as in a TLS renegotiate, or are the old pre_master_secret or master_secret just re-expanded using new client/server random input as in a TLS resume_connection type of situation? I hope I asked that right. I'm assuming OpenVPN is using the regular TLS key generation process.

Also, we have no facility for non-repudiation in OpenVPN, right? We are sharing keys on both sides for hash and encrypt, so there is no way to determine 100% which side sent the data. I don't know that we really need non-rep for a tunnel between two trusted systems, I just want to make sure I'm understanding this correctly.

Thanks,
Charlie

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users