add comment on openvpn duplexing

author Aaron Zauner <azet@azet.org>

Mon, 16 Mar 2015 16:08:46 +0000 (17:08 +0100)

committer Aaron Zauner <azet@azet.org>

Mon, 16 Mar 2015 16:08:46 +0000 (17:08 +0100)
author Aaron Zauner <azet@azet.org>
Mon, 16 Mar 2015 16:08:46 +0000 (17:08 +0100)
committer Aaron Zauner <azet@azet.org>
Mon, 16 Mar 2015 16:08:46 +0000 (17:08 +0100)
diff --git a/src/practical_settings/vpn.tex b/src/practical_settings/vpn.tex

index ad08e2a..65d2476 100644 (file)
--- a/src/practical_settings/vpn.tex
+++ b/src/practical_settings/vpn.tex
@@ -220,6 +220,11 @@ that is then negotiated as usual with TLS, the \verb|cipher|
  and \verb|auth| options both take a single argument that must match on
  client and server.
  
+OpenVPN duplexes the tunnel into a data and a control channel. The control
+channel is a usual TLS connection, the data channel currently uses 
+encrypt-then-mac CBC, see \url{https://github.com/BetterCrypto/Applied-Crypto-Hardening/pull/91#issuecomment-75365286}
+
+
  \paragraph{Server Configuration}
  ~\\
  % the cipherlist here is config B without the ECDHE strings, because
author	Aaron Zauner <azet@azet.org>
	Mon, 16 Mar 2015 16:08:46 +0000 (17:08 +0100)
committer	Aaron Zauner <azet@azet.org>
	Mon, 16 Mar 2015 16:08:46 +0000 (17:08 +0100)