man: Add hints on using --pfs option
I ran "openconnect --pfs" to connect to 37 semi-randomly chosen servers:

 - 33 servers failed with a TLS fatal alert
 - 3 servers successfully negotiated the connection
 - 1 server no longer existed

According to Cisco, PFS support is about a year old in the 9.1 branch[1], two years old in the 8.4 branch[2], and absent in 8.6/9.0.

So, if this means that some ~90% of users will not have much luck with --pfs, we can at least offer some information to help their system administrators configure it.

[1] http://www.cisco.com/c/en/us/td/docs/security/asa/asa91/release/notes/asarn91.html#pgfId-685480o
[2] http://www.cisco.com/c/en/us/td/docs/security/asa/asa84/release/notes/asarn84.html#pgfId-580804

Signed-off-by: Kevin Cernekee <cernekee@gmail.com>