On 05/11/2019 11:09, Thomas Luening wrote: > Hello > > I hope you can help me with the answers for 2 theoretical questions. When I > open a new OpenVPN session, an asymmetric RSA encryption is used to determine > a symmetric session key, e.g. for AES. The subsequent session is then > encrypted with AES and the found symmetric key.
In OpenVPN terminology, the asymmetrical key is used in the OpenVPN Control Channel communication, while the symmetric session key is used in the OpenVPN Data Channel. The Control Channel is essentially where authentication, options pushed by server, peer information, etc is sent, while the Data Channel is the tunneled network traffic being sent or received to/from the remote side. > > 1. Does the choice of RSA2048 or RSA8192 affect the length or strength of the > new symmetric session-key? No. There is no direct relation between key sizes in the control or data channel, the crypto parameters there are handled/configured separately. The strength of the control channel is controlled via the --tls-cipher/--tls-ciphersuites options (but the default values here should be more than strong enough for the vast majority of OpenVPN users). There is also --tls-cert-profile which can be used to further restrict what kind of cryptographic algorithms being allowed for the control channel. The data channel strength is managed using the --cipher option (as well as the deprecated --keysize option, for ciphers not indicating the key size in the cipher suite - such as the not recommended Blowfish cipher). > 2. Or does the choice of RSA2048 or RSA8192 only affect the security of > communication in the symmetrical key finding process? No, as mentioned above, the data channel cipher settings is handled independently of the control channel. With OpenVPN 2.4 the Negotiable Crypto Parameters (NCP) feature was added, which allows some kind of negotiation - even though it is not a particularly intelligent negotiation. See the --ncp-ciphers option in the man page for details. The default behavior when using OpenVPN 2.4 clients or OpenVPN 3 based clients (OpenVPN Connect, OpenVPN for Android with OpenVPN 3 backend enabled or OpenVPN 3 Linux), is to upgrade to AES-256-GCM if this has not been configured with --cipher already. The security of the data channel is also affected by --auth, which defaults to SHA1 by default. The default settings is generally considered safe enough, as it is used in HMAC operations. The --auth option protects your packets by authenticating the packets received from the remote side. If you want something theoretically stronger for authentication, you can consider SHA256 which increases the packet overhead a little bit (an additional 12 bytes per packet, roughly 0.8% of a 1500 bytes packet, iirc). But under no circumstances consider SHA512, which _will_ kill the VPN performance (IIRC, it adds 44 bytes per packet - which is roughly 3% of 1500 bytes). If you use an AEAD based cipher (like AES-GCM), --auth has no effect as the packet authentication is already an integrated part of the cipher operation, thus it also has the least amount of packet overhead as well (I don't recall now the exact overhead now) -- kind regards, David Sommerseth OpenVPN Inc
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
