Hi Ralf, On 16/06/15 16:40, Ralf Hildebrandt wrote: > Are there currently recommendations for the ciphers when dealing with > clients >= 2.3.6 (Cross-platform; windows, mac os x, Linux)? > > I've seen: > > cipher AES-256-CBC > keysize 256 > auth SHA256 > > and: > > cipher AES-256-CBC > auth SHA512 > tls-cipher DHE-RSA-AES256-SHA > I'd recommend
cipher AES-256-CBC auth SHA256 (the keysize is fixed for AES so there's no need to specify it; the only ciphers with variable keysize are RC2, CAST5 and BlowFish). The main reason to use AES-256 is if you're using machines that are optimized for AES (e.g. AES-NI capable CPU's). AES-256 is faster than Blowfish on such CPU's. Increasing the auth (hash) size to 512 is not likely to increase security, unless you are also issuing certificates signed using SHA512: the control channel hashing algo is almost always the same as the algo used to sign the certificates. By using 'auth sha512' you could end up making the data channel more securely hashed/signed (and a lot slower) than the control channel, which does add a lot of extra security. HTH, JJK ------------------------------------------------------------------------------ _______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
