Upgrade to OpenVPN 2.4.2

google / nogotofail

An on-path blackbox network traffic security testing tool

Apache License 2.0

2.94k stars 418 forks source link

Closed klyubin closed 7 years ago

klyubin commented 7 years ago

This enables us to:

Abandon the floating client patch because floating is a standard feature in OpenVPN 2.4.
Switch from DHE to ECDHE for the TLS connection and avoid wasting large amounts of time during setup to generate 2048-bit DH parameters.
Switch data channel packet encryption/authentication from AES-CBC with SHA-256 HMAC to AES-GCM.