Opened 3 years ago

Last modified 3 years ago

#1371 new Feature Wish

Allow TLS-Crypt-V2 Server key to be password protected — at Version 1

Reported by: tct
Owned by:
Priority: minor
Milestone:
Component: Generic / unclassified
Version: OpenVPN 2.5.0 (Community Ed)
Severity: Not set (select this one, unless you're an OpenVPN developer)
Keywords: tls-crypt-v2
Cc: Steffan Karger, Gert Döring, plaisthos, tct, David Sommerseth, Selva, Nair

Description (last modified by tct)

This is a standard security feature of all keys that I can think of, except this one.

Obviously, I can do this outside of openvpn using openssl but then the key has to be decrypted before openvpn can load it. So I am asking for openvpn to manage this task.

OpenVPN would have to prompt for the password, and users would also want to store passwords in plain text (because they always do..)

Rationale: This is likely not something syzzer would expect but ..

If the server key is password protected then it could feasibly be used by a client (who has the key and knows the password) to remotely generate new client keys on the fly (Maybe to beat DPI).

This may be a lot of effort for a tiny feature so maybe just a pipe dream.
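
The openssl workaround mentioned in the description, sketched as an added example (not part of the ticket and not OpenVPN code). The function names, file names and the `KEYPASS` environment variable are assumptions of this example; the sample key is a constructed stand-in.

```shell
#!/bin/sh
# Added example (not OpenVPN code): keep the tls-crypt-v2 server key encrypted
# at rest with openssl and decrypt it only when OpenVPN is about to start.
# Function names, file names and the KEYPASS variable are hypothetical.

PEM_HEADER='-----BEGIN OpenVPN tls-crypt-v2 server key-----'

# make_sample_key <path>: constructed stand-in for a real server key file.
make_sample_key() {
    printf '%s\n' "$PEM_HEADER" 'Q09OU1RSVUNURUQ=' \
        '-----END OpenVPN tls-crypt-v2 server key-----' > "$1"
}

# protect_key <plain> <encrypted>: the passphrase is read from $KEYPASS.
protect_key() {
    ( umask 077
      openssl enc -aes-256-cbc -pbkdf2 -iter 200000 -salt \
          -in "$1" -out "$2" -pass env:KEYPASS )
}

# unlock_key <encrypted>: decrypt to a fresh 0600 temp file (RAM-backed when
# /dev/shm is usable) and print its path. openssl enc carries no integrity
# tag, so the PEM header is checked to reject a wrong passphrase reliably.
unlock_key() {
    uk_dir=/dev/shm
    { [ -d "$uk_dir" ] && [ -w "$uk_dir" ]; } || uk_dir=${TMPDIR:-/tmp}
    uk_out=$(mktemp "$uk_dir/tc2key.XXXXXX") || return 1
    if openssl enc -d -aes-256-cbc -pbkdf2 -iter 200000 \
            -in "$1" -out "$uk_out" -pass env:KEYPASS 2>/dev/null &&
       head -n 1 "$uk_out" | grep -qxF -e "$PEM_HEADER"; then
        printf '%s\n' "$uk_out"
        return 0
    fi
    rm -f "$uk_out"   # leave nothing behind on a failed unlock
    return 1
}

# Typical use (a plaintext copy exists on disk until it is removed, which is
# the gap the ticket asks OpenVPN to close):
#   export KEYPASS; key=$(unlock_key server.key.enc) &&
#       openvpn --config server.conf --tls-crypt-v2 "$key"
```
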

Change History (1)

comment:1 Changed 3 years ago by tct

Description: modified (diff)