Changes between Version 8 and Version 9 of Hardening


Ignore:
Timestamp:
03/26/17 17:16:17 (7 years ago)
Author:
Steffan Karger
Comment:

--

Legend:

Unmodified
Added
Removed
Modified

  • Hardening

    v8 v9  
    3939Up to 4096-bit is accepted by nearly all RSA systems (including OpenVPN,) but use of keys this large will dramatically increase generation time, TLS handshake delays, and CPU usage for TLS operations; the benefit beyond 2048-bit keys is small enough not to be of great use at the current time. It is often a larger benefit to consider lower validity times than more bits past 2048, but that is for you to decide.
    4040
    41 There is some reference material on the topic; in October of 2013 the European Union Agency for Network and Information Security released their Algorithms, Key Sizes and Parameters Report https://www.enisa.europa.eu/activities/identity-and-trust/library/deliverables/algorithms-key-sizes-and-parameters-report     which specified that for "future system near term use", specified to be ''at least'' ten years, RSA keys of 3072 bits or more are recommended. 
     41There is some reference material on the topic; in October of 2013 the European Union Agency for Network and Information Security released their Algorithms, Key Sizes and Parameters Report https://www.enisa.europa.eu/activities/identity-and-trust/library/deliverables/algorithms-key-sizes-and-parameters-report     which specified that for "future system near term use", specified to be ''at least'' ten years, RSA keys of 3072 bits or more are recommended.
     42
     43== Use of --tls-version-min ==
     44
     45As of OpenVPN 2.3.3, OpenVPN supports TLS version negotiation.  Earlier versions only supported TLS 1.0.  Also since OpenVPN 2.3.3, the `--tls-version-min` option is available to enforce a minimum TLS version.  Hardened setups should set `--tls-version-min` to `1.2` if possible.  But be aware that setting `tls-version-min` to `1.2` will make it impossible to connect for pre-2.3.3 clients, clients using the `cryptoapicert` option, or clients using on old TLS library version that does not support TLS 1.2.  To allow clients using the `cryptoapicert` option to connect, do not set `tls-version-min` greater than `1.1`.
    4246
    4347== Use of --tls-cipher ==
    4448
    45 By default, OpenVPN accepts a wide range of possible TLS cipher-suites; hardened systems should limit this to an acceptable list (which can be just 1) cipher as shown with `openvpn --show-tls`. '''Up to OpenVPN 2.3.2, only TLSv1.0 RSA ciphers are usable'''. You should use a DHE cipher-suite as well for forward-secrecy.
     49OpenVPN 2.4 and newer limits the default cipher list more than earlier versions did.  This makes it less prudent to harden your configuration using `--tls-cipher`.  Also be aware that it is very easy to create hard-to-debug connection failures when using `--tls-cipher` incorrectly.  That said, further limiting the number of ciphers does reduce the attack surface.
     50
     51In OpenVPN 2.3 and earlier, OpenVPN accepted a wide range of possible TLS cipher-suites by default.  These versions can be hardened by limiting this to an acceptable list, (which can be just 1 cipher) as shown with `openvpn --show-tls`. '''Up to OpenVPN 2.3.2, only TLSv1.0 RSA ciphers are usable'''. You should use a DHE cipher-suite as well for forward-secrecy.
    4652
    4753OpenVPN 2.3.3 enables support for TLSv1.2 cipher-suites, but note that requiring only TLSv1.2 cipher-suites is not backwards-compat with <=2.3.3 clients; your server/client may accept both a TLSv1.0 and TLSv1.2 option though, allowing older (pre-2.3.3) clients to connect as well.
     
    6874* TLS-DHE-RSA-WITH-AES-128-CBC-SHA256
    6975
    70 Today, OpenVPN does not support TLS-ECDHE-* or more exotic cipher-suites as there is no elliptic curve support currently.
     76To use ECDH(E) or ECDSA cipher-suites, both client and server must be OpenVPN 2.4.0 or newer.  (Older versions might work, but this is not something you can rely on.)
    7177
    7278== Use of --tls-auth ==