Hi, Starting a new easy-rsa setup from scratch. New CA etc. I noticed in my old config I had a dh4096.pem file which I had supposedly build by temporarily increasing the KEY_SIZE line export KEY_SIZE=4096 ... I think.
However, I can no longer find why I did this, supposedly to get a larger base for my TLS / session keys... I think. 1) Am I right? Does a larger dhxxxx.pem file indeed result in a larger pool for OpenVPN to get TLS/session keys from? 2) If 1) is correct and there is indeed a use for a bigger dh file, can I indeed create a new dh4096.pem file by temporarily increase the KEY_SIZE, run build-dh and then set it back to what I have? 3) Is there any use in creating an even bigger dh file, lets say a 8192 bit version? Bonno Bloksma ------------------------------------------------------------------------------ _______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
