… | |
… | |
53 | take longer than encrypting and mac'ing a 1.5kb packet, and IVs |
53 | take longer than encrypting and mac'ing a 1.5kb packet, and IVs |
54 | do not need to be cryptographically strong random numbers |
54 | do not need to be cryptographically strong random numbers |
55 | (and in fact, shouldn't be)). |
55 | (and in fact, shouldn't be)). |
56 | - if-up scripts can now be specified with absolute paths. |
56 | - if-up scripts can now be specified with absolute paths. |
57 | - new global option: serial, to detect configuration mismatches. |
57 | - new global option: serial, to detect configuration mismatches. |
|
|
58 | - use HKDF as authentication proof, not HMAC or a plain hash |
|
|
59 | (hint by Ilmari Karonen). |
58 | |
60 | |
59 | 2.25 Sat Jul 13 06:42:33 CEST 2013 |
61 | 2.25 Sat Jul 13 06:42:33 CEST 2013 |
60 | - INCOMPATIBLE CHANGE: no longer enable udp protocol if no other |
62 | - INCOMPATIBLE CHANGE: no longer enable udp protocol if no other |
61 | protocols are enabled - this is necessary when you have nodes with |
63 | protocols are enabled - this is necessary when you have nodes with |
62 | completely unknown protocols, to force mediated connection requests. |
64 | completely unknown protocols, to force mediated connection requests. |