________________________________________
From: [email protected]
<[email protected]>
Sent: Saturday, November 5, 2016 7:08 AM
To: [email protected]
Subject: Openvpn-users Digest, Vol 126, Issue 3
Send Openvpn-users mailing list submissions to
[email protected]
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.sourceforge.net/lists/listinfo/openvpn-users
or, via email, send a message with subject or body 'help' to
[email protected]
You can reach the person managing the list at
[email protected]
When replying, please edit your Subject line so it is more specific
than "Re: Contents of Openvpn-users digest..."
Today's Topics:
1. Keys in Openvpn 2.4 (jack seth)
2. Re: Keys in Openvpn 2.4 (Steffan Karger)
----------------------------------------------------------------------
Message: 1
Date: Sat, 5 Nov 2016 01:29:00 +0000
From: jack seth <[email protected]>
Subject: [Openvpn-users] Keys in Openvpn 2.4
To: "[email protected]"
<[email protected]>
Message-ID:
<bn6pr10mb14573fa73769cff21d8c92b5bf...@bn6pr10mb1457.namprd10.prod.outlook.com>
Content-Type: text/plain; charset="iso-8859-1"
How large of elliptic curve keys and EC DH parameters can 2.4 handle?
------------------------------
Message: 2
Date: Sat, 5 Nov 2016 09:15:13 +0100
From: Steffan Karger <[email protected]>
Subject: Re: [Openvpn-users] Keys in Openvpn 2.4
To: [email protected]
Message-ID: <[email protected]>
Content-Type: text/plain; charset=windows-1252
Hi,
On 05-11-16 02:29, jack seth wrote:
> How large of elliptic curve keys and EC DH parameters can 2.4 handle?
As large as the underlying crypto library version can. P-521 shouldn't
be a problem. General consensus (looking at e.g. IKE and TLS) seems to
be that 256/384 bits curves are good enough (e.g. curve25519, P-256 or
P-384).
(You might run in to issues if you are using other features that need to
comply, such as --pkcs11-* ('smart cards'), --management-external-key or
--cryptoapicert, but if it's just a key file you're trying to load that
shouldn't be a problem.)
-Steffan
------------------------------
------------------------------------------------------------------------------
Developer Access Program for Intel Xeon Phi Processors
Access to Intel Xeon Phi processor-based developer platforms.
With one year of Intel Parallel Studio XE.
Training and support from Colfax.
Order your platform today. http://sdm.link/xeonphi
------------------------------
_______________________________________________
Openvpn-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openvpn-users
End of Openvpn-users Digest, Vol 126, Issue 3
*********************************************
I would like to be able to generate keys that are at least equivalent to
AES-256. See the chart here
http://crypto.stackexchange.com/questions/31439/how-do-i-get-the-equivalent-strength-of-an-ecc-key
------------------------------------------------------------------------------
Developer Access Program for Intel Xeon Phi Processors
Access to Intel Xeon Phi processor-based developer platforms.
With one year of Intel Parallel Studio XE.
Training and support from Colfax.
Order your platform today. http://sdm.link/xeonphi
_______________________________________________
Openvpn-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openvpn-users
