Hello David
Your last answer was a big step for me... thank you!
egrep -i "diffie|ecdh|channel" openvpn_udp.log
Fri Nov 15 11:03:20 2019 Diffie-Hellman initialized with 4096 bit key
Fri Nov 15 11:03:20 2019 ECDH curve secp384r1 added
Fri Nov 15 11:03:20 2019 Outgoing Control Channel Encryption: Cipher
'AES-256-CTR' initialized with 256 bit key
Fri Nov 15 11:03:20 2019 Outgoing Control Channel Encryption: Using 256 bit
message hash 'SHA256' for HMAC authentication
Fri Nov 15 11:03:20 2019 Incoming Control Channel Encryption: Cipher
'AES-256-CTR' initialized with 256 bit key
Fri Nov 15 11:03:20 2019 Incoming Control Channel Encryption: Using 256 bit
message hash 'SHA256' for HMAC authentication
Fri Nov 15 11:07:36 2019 Control Channel: TLSv1.3, cipher TLSv1.3
TLS_AES_256_GCM_SHA384, 384 bit EC, curve: secp384r1
Fri Nov 15 11:07:37 2019 Outgoing Data Channel: Cipher 'AES-256-GCM'
initialized with 256 bit key
Fri Nov 15 11:07:37 2019 Incoming Data Channel: Cipher 'AES-256-GCM'
initialized with 256 bit key
I think this looks really good. Now I have more feeling as before to determine/control that and that it is not an accidental
result, without understanding it.
Am 14.11.19 um 22:03 schrieb David Sommerseth:
But there are lots of blog posts on the
Interweb which is just plain wrong; unfortunately also too many posts on how
to setup a "secure" OpenVPN server (many which do fail badly here).
Yes, that is often much more a problem than it is really helpful.
Thank you for your patience.
Best Reagards
Tom
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
