[Vpn-help] Build that could use some testing ...
Matthew Grooms
mgrooms at shrew.net
Thu Sep 14 15:21:44 CDT 2006
Peter Eisch wrote:
> On 9/14/06 1:24 PM, "Matthew Grooms" <mgrooms at shrew.net> wrote:
>
> No problem. I can jump on the p12 stuff whenever it's ready.
>
Excellent. I will let you know when I have it ready for more broad
testing. Thanks!
> I suppose, if I were really good, I'd actually test both signatures with all
> the encryption options. My RSASIG profile uses aes/sha1 for both phases and
> the Hybrid profile uses 3des/md5. In all profiles I use DH Group 2 and PFS
> Group 2. Do you have a feel for what would be a quality testing of
> combinations?
>
This is a good thought but I don't think this is really necessary. That
section of the code is never touched and just maps a value that later
gets supplied to the OpsenSSL libcrypto functions. If it works for one
DH Group it should work for any of them.
> Also, I could probably add PSK auth methods as well... This one is simple
> enough to test.
>
This would be helpful. The last bug I ran across showed up with PSK mode
but wasn't triggered with RSA modes.
Thanks again,
-Matthew
More information about the vpn-help
mailing list