You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Originally reported by 7asecurity during their security audit:
During TLS/VPN negotiation, OpenVPN clients send a Change Cipher Spec P_CONTROL_V1 packet, which contains an embedded P_ACK_V1 packet. OpenVPN in that way uses the ability to combine both P_CONTROL and P_ACK payloads1 inside a single packet. However, minivpn sends two packets (see figure)
I think this is due to the naive implementation of the ack mechanism in the current state, that doesn't allow to send ACKs for several packet ids within a single control packet. I think this can be better handled after landing #32
The text was updated successfully, but these errors were encountered:
Originally reported by 7asecurity during their security audit:
During TLS/VPN negotiation, OpenVPN clients send a Change Cipher Spec P_CONTROL_V1 packet, which contains an embedded P_ACK_V1 packet. OpenVPN in that way uses the ability to combine both P_CONTROL and P_ACK payloads1 inside a single packet. However, minivpn sends two packets (see figure)
I think this is due to the naive implementation of the ack mechanism in the current state, that doesn't allow to send ACKs for several packet ids within a single control packet. I think this can be better handled after landing #32
The text was updated successfully, but these errors were encountered: