tinc - Jan 2016 - Does tinc have something akin to openvpn's --tls-auth ? Or do I not need that at all ?

Hello,

I wanted to ask if tinc had something akin to openvpn's --tls-auth
option, for all the reason's listed here:
https://community.openvpn.net/openvpn/wiki/Hardening

I have read http://www.tinc-vpn.org/documentation-1.1/tinc.pdf, but I
have not seen anything similar.

Or do I not need that feature at all because tinc handles cryptology
different than openvpn ( tinc's uses RSA keys which are generated during
setup currently - openvpn uses a cert authority with X.509 with
different tls ciphers afaik )?

While my understanding of crypto is not bad, I would not want to assume
to judge crypto implementations on their design, so I am asking a stupid
question to further my understanding - and feel better with my use of
tinc, dot the i's and cross the t's and all that.

Thanks
BR
Max.

On Fri, Jan 22, 2016 at 01:16:36PM +0100, Maximilian H. wrote:
> I wanted to ask if tinc had something akin to openvpn's --tls-auth
> option, for all the reason's listed here:
> https://community.openvpn.net/openvpn/wiki/Hardening
No, it does not. But you don't need it with tinc. Even with OpenVPN, it
is not so useful, unless you are using very weak TLS ciphersuites.

-- 
Met vriendelijke groet / with kind regards,
     Guus Sliepen <guus at tinc-vpn.org>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL:
<http://www.tinc-vpn.org/pipermail/tinc/attachments/20160122/1b43fdd7/attachment.sig>