Hacker News new | past | comments | ask | show | jobs | submit login

New deployments should be with 1.1 using its new protocol.


That does look a lot better, however:

a) its not supported by the stable release

b) There are no claims about downgrade resistance. The manual specifies the new transport protocol is used if both clients support it and both have changed their configs to enable experimental mode. Can an attacker still force them to connect with legacy mode?

c) Users have to ensure every single config on every client has the correct setting.

d) It still doesn't have the identity hiding features of Wireguard. (Someone observing your network traffic can see which servers you are talking to from the transmitted signatures)

You can disable legacy support by not generating any RSA keys, or by building with DISABLE_LEGACY.

Registration is open for Startup School 2019. Classes start July 22nd.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact