author | Steffan Karger | 2018-10-22 13:45:15 +0200 |
---|---|---|
committer | David Sommerseth | 2018-10-26 19:05:25 +0200 |
commit | ff931c5e99a808e762bc0203d70f19bf3767e216 (patch) | |
tree | 1e76db6c01f926068f86275ff20b68c9a1a30a06 /Changes.rst | |
parent | 19dffdbde08f6b1ea5d32d429a255218d4304c66 (diff) | |
tls-crypt-v2: add script hook to verify metadata
To allow rejecting incoming connections very early in the handshake,
add a --tls-crypt-v2-verify option that allows administrators to
run an external command to verify the metadata from the client key.
See doc/tls-crypt-v2.txt for more details.
Because of the extra dependencies, this requires adding a mock
parse_line() to the tls-crypt unit tests. Also, this turns tls_wrap_free
into a static inline function, so that we don't need to compile in ssl.c
(and all of its dependencies) with the unit tests.
Signed-off-by: Antonio Quartulli <antonio@openvpn.net>
Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
Acked-by: Antonio Quartulli <antonio@openvpn.net>
Message-Id: <1540208715-14044-6-git-send-email-steffan.karger@fox-it.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg17789.html
Signed-off-by: David Sommerseth <davids@openvpn.net>
Diffstat (limited to 'Changes.rst')
-rw-r--r-- | Changes.rst | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/Changes.rst b/Changes.rst index 70ce2e1..a7429b1 100644 --- a/Changes.rst +++ b/Changes.rst @@ -3,6 +3,12 @@ Overview of changes in 2.5 New features ------------ +Client-specific tls-crypt keys (``--tls-crypt-v2``) + ``tls-crypt-v2`` adds the ability to supply each client with a unique + tls-crypt key. This allows large organisations and VPN providers to profit + from the same DoS and TLS stack protection that small deployments can + already achieve using ``tls-auth`` or ``tls-crypt``. + ChaCha20-Poly1305 cipher support Added support for using the ChaCha20-Poly1305 cipher in the OpenVPN data channel. |
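Review bot: The added "Client-specific tls-crypt keys" entry under "New features" describes per-client keys in general but never mentions the --tls-crypt-v2-verify option that the commit message says this change introduces, and it gives no pointer to doc/tls-crypt-v2.txt. Since the release notes are where administrators will first learn about the feature, consider adding a sentence to the entry saying that the server can run an external command to verify the metadata from the client key and reject a connection early in the handshake, with a reference to doc/tls-crypt-v2.txt for details. A smaller wording point in the same entry: "to profit from the same DoS and TLS stack protection" would read more naturally as "to benefit from".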