Hi,

On 31-03-17 22:34, David Sommerseth wrote:
> On 31/03/17 10:56, Илья Шипицин wrote:
>> 2017-03-31 13:26 GMT+05:00 Samuli Seppänen <sam...@openvpn.net
>> <mailto:sam...@openvpn.net>>:
>>
>>     Hi,
>>
>>     We still bundle EasyRSA 2 with our Windows installers and it is
>>     prominently advertised on our widely linked to HOWTO:
>>
>>     <https://openvpn.net/index.php/open-source/documentation/howto.html
>>     <https://openvpn.net/index.php/open-source/documentation/howto.html>>
>>
>>     As such, EasyRSA 2 is used by many/most OpenVPN server admins.
>>
>>     However, the default values for EasyRSA 2 such as MD5 hashing algorithm
>>     and 1024-bit keysize seem totally inadequate for today's standards:
>>
>>     
>> <https://github.com/OpenVPN/easy-rsa-old/blob/master/easy-rsa/2.0/vars#L53
>>     
>> <https://github.com/OpenVPN/easy-rsa-old/blob/master/easy-rsa/2.0/vars#L53>>
>>     
>> <https://github.com/OpenVPN/easy-rsa-old/blob/master/easy-rsa/2.0/openssl-1.0.0.cnf#L57
>>     
>> <https://github.com/OpenVPN/easy-rsa-old/blob/master/easy-rsa/2.0/openssl-1.0.0.cnf#L57>>
>>
>>     I think we should upgrade these to something more recent. What would
>>     more modern reasonable defaults be?
>>
>>
>>
>> someday we decided to use DSA (instead of default RSA)
>> it worked ... until we started to use OpenVPN Connect for iOS.
>> next, we had to change back to RSA
>>
>>
>> the conclusion would be "test all available platforms and take a
>> decision", probably even set up special test server and ask people on
>> openvpn-users mailing list
> 
> Always a good idea to test as many platforms as possible.  But we can
> also leverage all the testing which have been done indirectly by others
> as well.
> 
> The suggestion from Samuli is to update the default key size and hashing
> algorithm.  MD5 is broken.  MD5 have been broken for years.  SHA1 have
> the recent SHAttering panic, which have its own set of challenges - and
> should not be used for certificates any longer (if I have understood the
> crypto-gurus correctly).
> 
> Also considering that the "world in general" have been moving towards
> stronger keys *and* have moved towards SHA256 hashing in certificates,
> updating EasyRSA is more than reasonable.
> 
> So, I would highly recommend using SHA256.  I have used that for my
> OpenVPN setups for several years already.  That works fine for me, and I
> know others have done the same.  This is actually the most challenging
> move, from a technical point of view - using a new algorithm.  But this
> algorithm is well supported by all OpenSSL and mbed TLS implementations
> OpenVPN can be built against.
> 
> Secondly, updating the key length from 1024 bits to at least 2048 should
> not cause any issues at all.  Many users (myself included) often use
> 4096 bits keys without any issues.
> 
> Swapping RSA for DSA is an issue of a completely different league. And
> DSA is by OpenSSH considered too weak; IIRC it was even removed in
> OpenSSH v7.0.

Yes, upgrading would be good if we still ship it.  I can echo David's
SHA256 / RSA2048+ recommendation.  Enough security margin, and very good
interop (not only crypto libs, but also smart cards, OS key stores,
...).  To not dramatically slow down connection setup on low-cpu-power
devices (e.g. home routers), don't go beyond RSA4096 though.

DSA is _not_ a preferred choice.  The original 1024-bit DSA is too weak
nowadays, and the 'larger' DSA variants are not even close to the wide
support that RSA has.

-Steffan

Attachment: signature.asc
Description: OpenPGP digital signature

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Reply via email to