Hi, On 31-03-17 22:34, David Sommerseth wrote: > On 31/03/17 10:56, Илья Шипицин wrote: >> 2017-03-31 13:26 GMT+05:00 Samuli Seppänen <sam...@openvpn.net >> <mailto:sam...@openvpn.net>>: >> >> Hi, >> >> We still bundle EasyRSA 2 with our Windows installers and it is >> prominently advertised on our widely linked to HOWTO: >> >> <https://openvpn.net/index.php/open-source/documentation/howto.html >> <https://openvpn.net/index.php/open-source/documentation/howto.html>> >> >> As such, EasyRSA 2 is used by many/most OpenVPN server admins. >> >> However, the default values for EasyRSA 2 such as MD5 hashing algorithm >> and 1024-bit keysize seem totally inadequate for today's standards: >> >> >> <https://github.com/OpenVPN/easy-rsa-old/blob/master/easy-rsa/2.0/vars#L53 >> >> <https://github.com/OpenVPN/easy-rsa-old/blob/master/easy-rsa/2.0/vars#L53>> >> >> <https://github.com/OpenVPN/easy-rsa-old/blob/master/easy-rsa/2.0/openssl-1.0.0.cnf#L57 >> >> <https://github.com/OpenVPN/easy-rsa-old/blob/master/easy-rsa/2.0/openssl-1.0.0.cnf#L57>> >> >> I think we should upgrade these to something more recent. What would >> more modern reasonable defaults be? >> >> >> >> someday we decided to use DSA (instead of default RSA) >> it worked ... until we started to use OpenVPN Connect for iOS. >> next, we had to change back to RSA >> >> >> the conclusion would be "test all available platforms and take a >> decision", probably even set up special test server and ask people on >> openvpn-users mailing list > > Always a good idea to test as many platforms as possible. But we can > also leverage all the testing which have been done indirectly by others > as well. > > The suggestion from Samuli is to update the default key size and hashing > algorithm. MD5 is broken. MD5 have been broken for years. SHA1 have > the recent SHAttering panic, which have its own set of challenges - and > should not be used for certificates any longer (if I have understood the > crypto-gurus correctly). > > Also considering that the "world in general" have been moving towards > stronger keys *and* have moved towards SHA256 hashing in certificates, > updating EasyRSA is more than reasonable. > > So, I would highly recommend using SHA256. I have used that for my > OpenVPN setups for several years already. That works fine for me, and I > know others have done the same. This is actually the most challenging > move, from a technical point of view - using a new algorithm. But this > algorithm is well supported by all OpenSSL and mbed TLS implementations > OpenVPN can be built against. > > Secondly, updating the key length from 1024 bits to at least 2048 should > not cause any issues at all. Many users (myself included) often use > 4096 bits keys without any issues. > > Swapping RSA for DSA is an issue of a completely different league. And > DSA is by OpenSSH considered too weak; IIRC it was even removed in > OpenSSH v7.0.
Yes, upgrading would be good if we still ship it. I can echo David's SHA256 / RSA2048+ recommendation. Enough security margin, and very good interop (not only crypto libs, but also smart cards, OS key stores, ...). To not dramatically slow down connection setup on low-cpu-power devices (e.g. home routers), don't go beyond RSA4096 though. DSA is _not_ a preferred choice. The original 1024-bit DSA is too weak nowadays, and the 'larger' DSA variants are not even close to the wide support that RSA has. -Steffan
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel