Opened 3 years ago
Last modified 3 years ago
#1371 new Feature Wish
Allow TLS-Crypt-V2 Server key to be password protected — at Initial Version
Reported by: | tct | Owned by: | |
---|---|---|---|
Priority: | minor | Milestone: | |
Component: | Generic / unclassified | Version: | OpenVPN 2.5.0 (Community Ed) |
Severity: | Not set (select this one, unless you're an OpenVPN developer) | Keywords: | tls-crypt-v2 |
Cc: | Steffan Karger, Gert Döring, plaisthos, tct, David Sommerseth, Selva, Nair |
Description
This is a standard security feature of all keys that I can think of, except this one.
Obviously, I can do this outside of openvpn using openssl but then the key has to be decrypted before openvpn can load it. So I am asking for openvpn to manage this task.
Openvpn would have to prompt for the password and users would also want to store passwords in plain text (because they always do..)
Rationale: This is likely not something syzzer would expect but ..
If the server key is password protected then it could feasibly be used by a client (who has the key and knows the password) to generate new client keys on the fly (Maybe to beat DPI).
This may be a lot of effort for a tiny feature so maybe just a pipe dream.
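
The workaround the description mentions (protecting the key outside of openvpn with openssl), as an added example that is not part of the ticket or OpenVPN's own code. The function names, the `KEYPASS` variable, the iteration count and the paths in the comments are assumptions.

```shell
#!/bin/sh
# Added example: keep a tls-crypt-v2 server key encrypted at rest with openssl
# and decrypt it only when the server is about to start.
# Assumptions: the passphrase is exported as $KEYPASS, and the key file begins
# with the PEM header OpenVPN writes for tls-crypt-v2 server keys.

PEM_HEADER='-----BEGIN OpenVPN tls-crypt-v2 server key-----'
KDF_ITER=200000   # PBKDF2 iterations (assumed value, tune for your hardware)

# protect_key PLAIN ENC: encrypt PLAIN into ENC using the passphrase in $KEYPASS
protect_key() {
    ( umask 077
      openssl enc -aes-256-cbc -pbkdf2 -iter "$KDF_ITER" -salt \
          -in "$1" -out "$2" -pass env:KEYPASS )
}

# unprotect_key ENC OUT: decrypt ENC into OUT (created with mode 0600).
# CBC is not authenticated, so a wrong passphrase is caught either by the
# padding check or by the missing PEM header; OUT is removed in both cases.
unprotect_key() {
    ( umask 077
      if openssl enc -d -aes-256-cbc -pbkdf2 -iter "$KDF_ITER" \
             -in "$1" -out "$2" -pass env:KEYPASS 2>/dev/null &&
         head -n 1 "$2" | grep -qxF -e "$PEM_HEADER"; then
          exit 0
      fi
      rm -f "$2"
      exit 1 )
}

# Hypothetical use at server start (paths are placeholders):
#   unprotect_key /etc/openvpn/server.key.enc /run/openvpn/tls-crypt-v2.key &&
#       openvpn --config server.conf --tls-crypt-v2 /run/openvpn/tls-crypt-v2.key
```

The decrypted copy still has to exist on disk (ideally tmpfs) while openvpn reads it, which is the limitation the ticket asks openvpn to remove.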