plugin for different symmetric key exchange

How to customize and extend your OpenVPN installation.

Moderators: TinCanTech

igorlor
OpenVpn Newbie
Posts: 6
Joined: Thu Jun 14, 2012 3:27 pm

plugin for different symmetric key exchange

Post by igorlor » Thu Jun 14, 2012 3:42 pm

Hello everyone,

I would like to set up a different physical channel for the key exchange of my VPN, and I would like to know if it's possible to do it with a plugin or if the key exchange system depends directly on openssl.

Thanks in advance

igorlor

janjust
Forum Team
Posts: 2703
Joined: Fri Aug 20, 2010 2:57 pm
Location: Amsterdam

Re: plugin for different symmetric key exchange

Post by janjust » Thu Jun 14, 2012 4:37 pm

Which key exchange are we talking about? The initial control channel connection is negotiated using TLS; this depends on the SSL lib used (openssl or polarssl in openvpn 2.3).
The data channel key exchange is done via the control channel and is a custom openvpn thing.


Re: plugin for different symmetric key exchange

Post by igorlor » Fri Jun 15, 2012 7:53 am

I would like to code a homemade key exchange system. Let's say I want to do what openssl does but using another physical channel. For example: do the key exchange using a radio communication channel and data transfer using a DSL line.

The goal is to physically separate the control channel and the data channel. Should I change openssl directly?


Re: plugin for different symmetric key exchange

Post by igorlor » Fri Jun 15, 2012 11:13 am

What I would like to do is to use different physical channels for key negotiation (and maybe not using TLS). I guess OpenVPN takes keys from an OpenSSL interface, so is it possible to configure this call to use another system which involves another physical connection?

If I am not wrong, both key negotiations (initial and data channel key exchange) are done by TLS/SSL.


Re: plugin for different symmetric key exchange

Post by janjust » Fri Jun 15, 2012 9:36 pm

igorlor wrote:
> I would like to code a homemade key exchange system. Let's say I want to do what openssl does but using another physical channel. For example: do the key exchange using a radio communication channel and data transfer using a DSL line.

This is an interesting idea but it would mean a protocol of openvpn itself; you would not have to change the openssl code but you will end up with a non-compatible version of openvpn.

igorlor wrote:
> If I am not wrong, both key negotiations (initial and data channel key exchange) are done by TLS/SSL.

The data channel key exchange is done by OpenVPN itself, not using any standard TLS/SSL techniques.


Re: plugin for different symmetric key exchange

Post by igorlor » Mon Jun 18, 2012 10:21 am

janjust wrote:
> The data channel key exchange is done by OpenVPN itself, not using any standard TLS/SSL techniques.

Looking at the code, if I create another keygen method (key_method_NEW_read() and key_method_NEW_write() in the ssl.c file) which creates keys and shares them over another physical channel, it will be done, right?

PS: Maybe I should send the question to the dev mailing list?


Re: plugin for different symmetric key exchange

Post by janjust » Tue Jun 19, 2012 12:00 pm

igorlor wrote:
> PS: Maybe I should send the question to the dev mailing list?

Yup, please do :)
