Hi,

>>> Just a heads up on this new attack
>>> https://weakdh.org/
>>>
>> the short gist of this attack is:  upgrade your DH param file to 2048 
>> bits or more otherwise you're vulnerable :)
>
> This is true, but in the case of OpenVPN the case is less horrible, because:
> 
> 1) OpenVPN encourages users to generate their own DH-group using
> 'openssl dhparam', instead of using common groups. The man page /
> examples used to provide 1024 bits DH keys (updated to 2048 recently),

Are you sure? I just looked at my setup, which I generated many years ago, and
it has a dh4096.pem file.
I think I generated this using default parameters because I did not understand
much about OpenVPN and keys at that time. But then again, maybe I did increase
it myself.

Bonno Bloksma



_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
