Hi James, On 22-02-17 19:48, James Yonan wrote: > mbedTLS 2 has a new feature that allows rejection of certificates if the > key size is too small or the signing hash is weak. > > The feature is controlled via struct mbedtls_x509_crt_profile. > > For example, you could specify that certificates must be at least 2048 > bits and use a SHA-2 signing alg. > > Wondering if we should enable this via an option, or tie it into the > existing tls-version-min. > > The granular approach would be to have specific options for each limit, > such as ssl-min-key-size, ssl-require-sha2 > > The bundled approach would be to take an existing option such as > tls-version-min and add additional constraints onto it. For example, if > tls-version-min is 1.2 or higher, then also require minimum key size to > be 2048 and certificate signing hash to be SHA-2.
OpenVPN 2.4 currently just uses mbed TLS' default profile, and we tell people to use stronger keys (RSA 2048+ / ECDSA) or a stronger hash function (SHA1+) if that causes trouble. If we are going to make this configurable, I think we should separate it from tls-version-min. The main use case I see for using a lower security setting would be an out-of-the-admins-control CA, or something like (old) smart cards that don't support RSA-2048. I wouldn't want to block people from enforcing TLS 1.2, because their smart card is crappy. So I think we'll have to add the relevant --tls-rsa-key-size-min, --tls-curves (could replace --ecdh-curves), --tls-digests options. If we want to make it configurable, that is. -Steffan ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot _______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
