Opened 2 years ago

Closed 2 years ago

#1334 closed Feature Wish (notabug)

Command line option to extract TLS-Crypt-v2 metadata from client key

Reported by: tct Owned by: tct
Priority: minor Milestone:
Component: Generic / unclassified Version: OpenVPN 2.5.0 (Community Ed)
Severity: Not set (select this one, unless your'e a OpenVPN developer) Keywords: tls-crypt-v2 metadata
Cc: tct


Unless the metadata is saved in plain text in another file, there is no way to verify the client metadata except via connecting to a live server.

EasyTLS currently saves the metadata in plain text to a file.

Change History (6)

comment:1 Changed 2 years ago by tct

Cc: tct added

comment:2 Changed 2 years ago by tct

Version: OpenVPN 2.5.0 (Community Ed)

comment:4 Changed 2 years ago by Gert Döring

Owner: set to Steffan Karger
Status: newassigned

I leave that to you and syzzer to discuss...

comment:5 Changed 2 years ago by tct

Owner: changed from Steffan Karger to tct
Status: assignedaccepted

I thought this through and changed my mind.

A command line option would make it too easy to try to brute-force a client key. (Not that I doubt syzzer's skill but why open that door?)

Closing but feel free to comment.

comment:6 Changed 2 years ago by tct

Resolution: notabug
Status: acceptedclosed
Note: See TracTickets for help on using tickets.