Hi, David's remarks are correct. I've added some small nuances below, but overall the answers do not change.
On 14/12/16 12:40, David Sommerseth wrote:
> On 14/12/16 07:54, Kevin Long wrote:
>> 1. Use easy-rsa3 or equivalent openssl commands to generate your
>> keys/certificates using elliptic curve (instead of RSA).
> I'm no crypto expert, but I believe there are some concerns about EC
> and post-quantum computing, where it is believed that RSA will be
> somewhat stronger (or do I confuse this with AES?). To my knowledge,
> there is nobody saying RSA-4096 is broken or weak.

In a post-quantum world both EC and RSA will/might be trivial to solve. AES encryption is still fundamentally OK, but the hard part is getting the keying information exchanged. For that you'd now use EC, RSA or DSA, all of which are done for with the proper quantum computer.

>> 2. Use the new --tls-crypt feature rather than just --tls-auth (openvpn 2.4)
> Yes, this will definitely help, and it is even slated as a kind of
> "poor man's post-quantum solution" until we have something better.
>
>> 3. Set tls-minimum to 1.2 on both client/server
> Sounds reasonable. It sure protects against any downgrade attacks. But
> on the other hand: If using --tls-crypt/--tls-auth, this can anyhow only
> happen by one of the clients you have shared a static key with.

It's the pre-shared static key which helps you in the post-quantum world - even a quantum computer will have difficulty decoding a (large) preshared key.

>
>> 4. Use a great tls-cipher that utilizes elliptic curve :
>> TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 ( ?? )
>> 5. Use a great cipher for openvpn data channel: AES-256-GCM (openvpn
>> 2.4) ( ?? )
> If you use OpenVPN 2.4 on both sides, the crypto will be upgraded to
> the strongest one by default. No need to tie yourself to specific
> configuration settings.
>
> From my own client log file, where I do not have --cipher nor
> --tls-cipher. Both sides run a 2.4_rc/git master version.
>
> Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384,
> 4096 bit RSA
> Data Channel Encrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
> Data Channel Decrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
>
> Now, the interesting detail here is that my certificates are not EC
> certificates, but it has negotiated ECDHE-RSA-AES256-GCM-SHA384 for the
> control channel. (But EC certificates go further than just ECDHE and
> AES-256-GCM)
>
>

You don't need EC certificates to negotiate an ECDHE-* cipher. Even when you're visiting a secure website using something like Firefox or Chrome you'd end up with an ECDHE cipher: just check the web server log files.

cheers,

JJK / Jan Just Keijser
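
Added example (not part of the original message, and not OpenVPN's own code): a small Python check over client log lines of the shape quoted in the thread, reporting when the negotiated control or data channel falls short of the settings discussed above. The policy thresholds, the function name `audit` and the second sample log are assumptions made for illustration.

```python
import re

# Line shapes follow the OpenVPN 2.4 client log quoted in the thread.
CONTROL_RE = re.compile(
    r"Control Channel: TLSv(\d+(?:\.\d+)?), cipher \S+ ([A-Z0-9_-]+)")
DATA_RE = re.compile(
    r"Data Channel (Encrypt|Decrypt): Cipher '([^']+)' initialized with (\d+) bit key")

def audit(log_text, min_tls=(1, 2), min_key_bits=256):
    """Return a list of findings; an empty list means the policy is met.

    Policy (an assumption modelled on the settings listed in the thread):
    TLS >= 1.2, ECDHE key exchange, AES-GCM data channel with a 256-bit key.
    """
    findings = []
    control = CONTROL_RE.search(log_text)
    if control is None:
        findings.append("no Control Channel line found")
    else:
        version = tuple(int(p) for p in control.group(1).split("."))
        suite = control.group(2)
        if version < min_tls:
            findings.append(f"control channel negotiated TLSv{control.group(1)}")
        # TLS 1.3 suite names do not carry the key exchange, so only check <= 1.2.
        if version < (1, 3) and not suite.startswith("ECDHE-"):
            findings.append(f"control channel suite {suite} is not ECDHE")
    seen = set()
    for direction, cipher, bits in DATA_RE.findall(log_text):
        seen.add(direction)
        if not cipher.endswith("-GCM") or int(bits) < min_key_bits:
            findings.append(f"data channel {direction.lower()} uses {cipher} ({bits} bit)")
    for direction in ("Encrypt", "Decrypt"):
        if direction not in seen:
            findings.append(f"no Data Channel {direction} line found")
    return findings

# From the log quoted in the thread (the wrapped control-channel line rejoined).
THREAD_LOG = """\
Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
Data Channel Encrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
Data Channel Decrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
"""
# Constructed sample of an older, weaker negotiation (not from the thread).
WEAK_LOG = """\
Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
"""

if __name__ == "__main__":
    for name, log in (("thread", THREAD_LOG), ("weak", WEAK_LOG)):
        print(name, audit(log) or "OK")
```

The check only reads what the client logged after negotiation, so it confirms the outcome on one connection rather than what the configuration would allow against a different peer.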