Re: [Openvpn-users] Keys in Openvpn 2.4

Sat, 05 Nov 2016 09:30:09 -0700 


________________________________________
From: openvpn-users-requ...@lists.sourceforge.net 
<openvpn-users-requ...@lists.sourceforge.net>
Sent: Saturday, November 5, 2016 7:08 AM
To: openvpn-users@lists.sourceforge.net
Subject: Openvpn-users Digest, Vol 126, Issue 3

Send Openvpn-users mailing list submissions to
        openvpn-users@lists.sourceforge.net

To subscribe or unsubscribe via the World Wide Web, visit
        https://lists.sourceforge.net/lists/listinfo/openvpn-users
or, via email, send a message with subject or body 'help' to
        openvpn-users-requ...@lists.sourceforge.net

You can reach the person managing the list at
        openvpn-users-ow...@lists.sourceforge.net

When replying, please edit your Subject line so it is more specific
than "Re: Contents of Openvpn-users digest..."


Today's Topics:

   1. Keys in Openvpn 2.4 (jack seth)
   2. Re: Keys in Openvpn 2.4 (Steffan Karger)


----------------------------------------------------------------------

Message: 1
Date: Sat, 5 Nov 2016 01:29:00 +0000
From: jack seth <bird_...@hotmail.com>
Subject: [Openvpn-users] Keys in Openvpn 2.4
To: "openvpn-users@lists.sourceforge.net"
        <openvpn-users@lists.sourceforge.net>
Message-ID:
        
<bn6pr10mb14573fa73769cff21d8c92b5bf...@bn6pr10mb1457.namprd10.prod.outlook.com>

Content-Type: text/plain; charset="iso-8859-1"


How large of elliptic curve keys and EC DH parameters can 2.4 handle?


------------------------------

Message: 2
Date: Sat, 5 Nov 2016 09:15:13 +0100
From: Steffan Karger <stef...@karger.me>
Subject: Re: [Openvpn-users] Keys in Openvpn 2.4
To: openvpn-users@lists.sourceforge.net
Message-ID: <c770eace-8c0b-a0fe-8ef8-0b9bb07de...@karger.me>
Content-Type: text/plain; charset=windows-1252

Hi,

On 05-11-16 02:29, jack seth wrote:
> How large of elliptic curve keys and EC DH parameters can 2.4 handle?

As large as the underlying crypto library version can.  P-521 shouldn't
be a problem.  General consensus (looking at e.g. IKE and TLS) seems to
be that 256/384 bits curves are good enough (e.g. curve25519, P-256 or
P-384).

(You might run in to issues if you are using other features that need to
comply, such as --pkcs11-* ('smart cards'), --management-external-key or
--cryptoapicert, but if it's just a key file you're trying to load that
shouldn't be a problem.)

-Steffan



------------------------------

------------------------------------------------------------------------------
Developer Access Program for Intel Xeon Phi Processors
Access to Intel Xeon Phi processor-based developer platforms.
With one year of Intel Parallel Studio XE.
Training and support from Colfax.
Order your platform today. http://sdm.link/xeonphi

------------------------------

_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users


End of Openvpn-users Digest, Vol 126, Issue 3
*********************************************
I would like to be able to generate keys that are at least equivalent to 
AES-256.  See the chart here 
http://crypto.stackexchange.com/questions/31439/how-do-i-get-the-equivalent-strength-of-an-ecc-key
------------------------------------------------------------------------------
Developer Access Program for Intel Xeon Phi Processors
Access to Intel Xeon Phi processor-based developer platforms.
With one year of Intel Parallel Studio XE.
Training and support from Colfax.
Order your platform today. http://sdm.link/xeonphi
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users

Reply via email to