[Swan-commit] Changes to ref refs/heads/master
Paul Wouters
paul at vault.libreswan.fi
Mon Mar 2 02:47:56 UTC 2020
New commits:
commit 21100cee5f207c24ee55ad6c612a84a6140ba583
Author: Paul Wouters <pwouters at redhat.com>
Date: Sun Mar 1 21:46:17 2020 -0500
IKEv2: Set keyingtries to 1 for Opportunistic Encryption connections.
We cannot have unlimited keyingtries for Opportunistic, or else we gain
infinite partial IKE SA's. But also, more than one makes no sense, since
it will be installing a failureshunt (not negotiationshunt) on the 2nd
keyingtry, and try to re-install another negotationshunt, ad nauseam.
More information about the Swan-commit
mailing list