[strongSwan] Strongswan caching CRL's when setting is set to "no"
Tobias Brunner
tobias at strongswan.org
Thu Jun 2 09:50:34 CEST 2022
Hi Eric,
> Does "<conn>.reauth_time” and leaving “break_before_make” alone force a
> reauth and certificate validity check on IKE/ISAKMP from non-cached crl’s?
Could you please clarify your question (e.g. why do you mention
break_before_make in this context? what do you mean with "from
non-cached CRLs"? are you considering setting reath_time on the client
or the server - and with what type of authentication/config? why do you
mention ISAKMP, are you actually considering using IKEv1?).
Regards,
Tobias
More information about the Users
mailing list