* Select the level of hardware-address verification required ?
+----------------------------------------
| TLS-Auth/Crypt and TLS-Crypt-V2 Server
+----------------------------------------
| [0] Low - Allow all keys to connect, hwaddr verification is not enforced.
|
| [1] Default - Do not require clients to push a hwaddr.
| TLS-Crypt-V2 keys with a hwaddr mismatch will be disconnected.
| TLS-Crypt-V2 keys without a hwaddr can connect.
| TLS Auth and Crypt-v1 keys can connect.
|
| [2] Medium - Require all clients to push a hwaddr.
| TLS-Crypt-V2 keys with a hwaddr mismatch will be disconnected.
| TLS-Crypt-V2 keys without a hwaddr can connect but must push a hwaddr.
| TLS Auth and Crypt-v1 keys can connect but must push a hwaddr.
+----------------------------------------
| TLS-Crypt-V2 ONLY Server
+----------------------------------------
| [3] Medium-High - Do not require clients to push a hwaddr.
| TLS-Crypt-V2 keys without a Hardware-address can connect.
|
| [4] High - Require all clients to push a hwaddr.
| TLS-Crypt-v2 keys without a hwaddr can connect but must push a hwaddr.
|
| [5] Very High - hwaddr verification is enforced on all clients.
| TLS-Crypt-V2 key must have a hwaddr and client must push a hwaddr.
Possibly, have a new flag to allow TLS-Auth/Crypt at levels 3-5?
| [0] Lowest - Allow all valid TLS-AUTH/Crypt/V2 keys to connect.
| ALL TLS-Crypt-V2 key extended tests are NOT performed.
*New*
| [1] Low - Functionally equivalent to [0] Low - Allow all..
| Except, ALL TLS-Crypt-V2 key extended tests are performed.
| Same as default [2], except hwaddr-mismatches are IGNORED.
*Bumped* from [1]
| [2] Default - Do not require clients to push a hwaddr.
| TLS-Crypt-V2 keys with a hwaddr mismatch will be disconnected.
| TLS-Crypt-V2 keys without a hwaddr can connect.
| TLS Auth and Crypt-v1 keys can connect.
Bumps all higher levels up by one.
Signed-off-by: Richard T Bonhomme <[email protected]>
TinCanTech changed the title from "Client-connect: High level security should allow TLS-Auth/Crypt keys by configuration" to "Client-connect: High level security could allow TLS-Auth/Crypt keys by configuration" on Jan 25, 2022
Example:
#key_hwaddr_required=1
could still allow TLS-Auth/Crypt only key access .. A slightly finer balance with
#crypt_v2_required=1
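
The first level table on this page (levels 0 to 5), written out as a decision function. This is an added example, not the project's own code and not from the issue author; the function name, argument order and sample hwaddr values are hypothetical. Assumptions: a mismatch can only be checked when both the key and the client supply a hwaddr, and the mismatch rule stated for levels 1 and 2 is also applied at levels 3 to 5.

```shell
#!/bin/sh
# Added example: decision table for hwaddr verification levels 0-5.
# Usage: hwaddr_verdict LEVEL KEY_TYPE KEY_HWADDR PUSHED_HWADDR
#   KEY_TYPE      v2 (TLS-Crypt-V2) or v1 (TLS-Auth / TLS-Crypt v1)
#   KEY_HWADDR    hwaddr bound to the V2 key, empty if none
#   PUSHED_HWADDR hwaddr pushed by the client, empty if none
# Prints "allow" or "deny: <reason>"; returns 0 on allow, 1 on deny.
hwaddr_verdict() {
    level=$1 key_type=$2
    key_hw=$(printf '%s' "$3" | tr 'A-F' 'a-f')
    push_hw=$(printf '%s' "$4" | tr 'A-F' 'a-f')

    case $level in
        0) echo allow; return 0 ;;      # Low: nothing is enforced
        1|2|3|4|5) ;;
        *) echo "deny: unknown level"; return 1 ;;
    esac

    # Levels 3-5 are the "TLS-Crypt-V2 ONLY Server" group.
    if [ "$level" -ge 3 ] && [ "$key_type" != v2 ]; then
        echo "deny: V2 key required"; return 1
    fi
    # Levels 2, 4 and 5 require the client to push a hwaddr.
    case $level in 2|4|5)
        [ -n "$push_hw" ] || { echo "deny: no hwaddr pushed"; return 1; } ;;
    esac
    # Level 5 also requires the key itself to carry a hwaddr.
    if [ "$level" -eq 5 ] && [ -z "$key_hw" ]; then
        echo "deny: key has no hwaddr"; return 1
    fi
    # Mismatch check. Assumption: skipped when either side has no hwaddr,
    # so at levels 1 and 3 a bound key is only checked if the client pushes.
    if [ -n "$key_hw" ] && [ -n "$push_hw" ] && [ "$key_hw" != "$push_hw" ]; then
        echo "deny: hwaddr mismatch"; return 1
    fi
    echo allow
}

# Constructed sample connections (values are not from the page).
hwaddr_verdict 1 v2 aabbccddeeff 001122334455 || :   # deny: hwaddr mismatch
hwaddr_verdict 2 v1 "" aabbccddeeff || :             # allow
hwaddr_verdict 4 v1 "" aabbccddeeff || :             # deny: V2 key required
```

The last sample call is the case the issue is about: at levels 3 to 5 a TLS-Auth/Crypt key is refused even when the client pushes a hwaddr.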