Changes between Version 4 and Version 5 of GettingStartedwithOVPN


Timestamp:
08/29/16 12:54:25 (8 years ago)
Author:
David Sommerseth
Comment:

Discourage BF and provide Sweet32 info

  • GettingStartedwithOVPN

    v4 v5  
    142142This temporary encryption key (which you will not see for yourself; it will be in RAM only) is used for encrypting the data which will be passed over the VPN connection, also known as the data channel.  So all your network traffic between your server and client goes in the data channel and will be encrypted by this temporary key.
    143143
    144 The encryption algorithm which is used for the data channel can be modified as well.  By default, OpenVPN will use the Blowfish algortihm.  OpenVPN mostly provides the same algorithms as your SSL library supports.  To see which algorithms are available, see the outpout of:
     144The encryption algorithm which is used for the data channel can be modified as well.  OpenVPN mostly provides the same algorithms as your SSL library supports.  To see which algorithms are available, see the outpout of:
    145145
    146146{{{
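Review bot: the new line 144 still carries the typo "outpout" from the old line; since the sentence is being rewritten anyway, change it to "see the output of:". Dropping the statement of the default cipher from this paragraph only works because the warning added at line 152 restates it, so the two need to stay in sync if the default changes.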
     
    150150Those ciphers which are listed with '(variable)' in the output can have a variable key length, controlled by the --keysize option.
    151151
    152 If you are happy with the default Blowfish algorithm, you don't need to add anything.  If you would prefer an AES algorithm with 256 bits encryption, add this line to both client and server configs:
     152'''WARNING:''' By default OpenVPN does currently use the Blowfish cipher, but that is now discouraged due to general issues with Blowfish, RC4, CAST5 and DES/3DES.  If you need to use any of these weaker algorithms, do at least consider to add `--reneg-bytes 64000000` to your configuration.  For more information see [wiki:SWEET32].
     153
     154To use the prefer an AES algorithm with 256 bits encryption, add this line to both client and server configs:
    153155
    154156{{{
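Review bot: new line 154, "To use the prefer an AES algorithm with 256 bits encryption", is not a sentence; suggest "If you prefer an AES algorithm with 256-bit encryption, add this line to both client and server configs:". In the warning at line 152, "do at least consider to add" would read better as "at least consider adding", and it should say, as line 154 does for the cipher, whether `--reneg-bytes 64000000` belongs in both the client and server configs.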