On 02/04/2017 10:57, Steffan Karger wrote: > Hi, > > On 31-03-17 22:34, David Sommerseth wrote: >> On 31/03/17 10:56, Илья Шипицин wrote: >>> 2017-03-31 13:26 GMT+05:00 Samuli Seppänen <sam...@openvpn.net >>> <mailto:sam...@openvpn.net>>: >>> >>> Hi, >>> >>> We still bundle EasyRSA 2 with our Windows installers and it is >>> prominently advertised on our widely linked to HOWTO: >>> >>> <https://openvpn.net/index.php/open-source/documentation/howto.html >>> <https://openvpn.net/index.php/open-source/documentation/howto.html>> >>> >>> As such, EasyRSA 2 is used by many/most OpenVPN server admins. >>> >>> However, the default values for EasyRSA 2 such as MD5 hashing algorithm >>> and 1024-bit keysize seem totally inadequate for today's standards: >>> >>> >>> <https://github.com/OpenVPN/easy-rsa-old/blob/master/easy-rsa/2.0/vars#L53 >>> >>> <https://github.com/OpenVPN/easy-rsa-old/blob/master/easy-rsa/2.0/vars#L53>> >>> >>> <https://github.com/OpenVPN/easy-rsa-old/blob/master/easy-rsa/2.0/openssl-1.0.0.cnf#L57 >>> >>> <https://github.com/OpenVPN/easy-rsa-old/blob/master/easy-rsa/2.0/openssl-1.0.0.cnf#L57>> >>> >>> I think we should upgrade these to something more recent. What would >>> more modern reasonable defaults be? >>> >>> >>> >>> someday we decided to use DSA (instead of default RSA) >>> it worked ... until we started to use OpenVPN Connect for iOS. >>> next, we had to change back to RSA >>> >>> >>> the conclusion would be "test all available platforms and take a >>> decision", probably even set up special test server and ask people on >>> openvpn-users mailing list >> >> Always a good idea to test as many platforms as possible. But we can >> also leverage all the testing which have been done indirectly by others >> as well. >> >> The suggestion from Samuli is to update the default key size and hashing >> algorithm. MD5 is broken. MD5 have been broken for years. SHA1 have >> the recent SHAttering panic, which have its own set of challenges - and >> should not be used for certificates any longer (if I have understood the >> crypto-gurus correctly). >> >> Also considering that the "world in general" have been moving towards >> stronger keys *and* have moved towards SHA256 hashing in certificates, >> updating EasyRSA is more than reasonable. >> >> So, I would highly recommend using SHA256. I have used that for my >> OpenVPN setups for several years already. That works fine for me, and I >> know others have done the same. This is actually the most challenging >> move, from a technical point of view - using a new algorithm. But this >> algorithm is well supported by all OpenSSL and mbed TLS implementations >> OpenVPN can be built against. >> >> Secondly, updating the key length from 1024 bits to at least 2048 should >> not cause any issues at all. Many users (myself included) often use >> 4096 bits keys without any issues. >> >> Swapping RSA for DSA is an issue of a completely different league. And >> DSA is by OpenSSH considered too weak; IIRC it was even removed in >> OpenSSH v7.0. > > Yes, upgrading would be good if we still ship it. I can echo David's > SHA256 / RSA2048+ recommendation. Enough security margin, and very good > interop (not only crypto libs, but also smart cards, OS key stores, > ...). To not dramatically slow down connection setup on low-cpu-power > devices (e.g. home routers), don't go beyond RSA4096 though. > > DSA is _not_ a preferred choice. The original 1024-bit DSA is too weak > nowadays, and the 'larger' DSA variants are not even close to the wide > support that RSA has. > > -Steffan >
Hi, I've issue a pull request here and review would be appreciated: <https://github.com/OpenVPN/easy-rsa-old/pull/1> I tested these changes on Debian 8 which has OpenSSL-1.0.1. Key size was set to 4096-bits and signature algorithm to SHA256WithRSAEncryption. The only real issue was DH parameter generation: it took ~25 minutes on my Intel i5 laptop. Is that acceptable default behavior? -- Samuli Seppänen Community Manager OpenVPN Technologies, Inc irc freenode net: mattock
0x40864578.asc
Description: application/pgp-keys
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
