Originally reported by 7asecurity during their security audit:
During TLS/VPN negotiation, OpenVPN clients send a Change Cipher Spec P_CONTROL_V1 packet, which contains an embedded P_ACK_V1 packet. OpenVPN in that way uses the ability to combine both P_CONTROL and P_ACK payloads1 inside a single packet. However, minivpn sends two packets (see figure)
I think this is due to the naive implementation of the ack mechanism in the current state, that doesn't allow to send ACKs for several packet ids within a single control packet. I think this can be better handled after landing #32
Originally reported by 7asecurity during their security audit:
During TLS/VPN negotiation, OpenVPN clients send a Change Cipher Spec P_CONTROL_V1 packet, which contains an embedded P_ACK_V1 packet. OpenVPN in that way uses the ability to combine both P_CONTROL and P_ACK payloads1 inside a single packet. However, minivpn sends two packets (see figure)
I think this is due to the naive implementation of the ack mechanism in the current state, that doesn't allow to send ACKs for several packet ids within a single control packet. I think this can be better handled after landing #32