Changes between Version 5 and Version 6 of Hardening
- Timestamp:
- 04/15/14 01:09:54 (10 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
Hardening
v5 v6 41 41 Up to 4096-bit is accepted by nearly all RSA systems (including OpenVPN,) but use of keys this large will dramatically increase generation time, TLS handshake delays, and CPU usage for TLS operations; the benefit beyond 2048-bit keys is small enough not to be of great use at the current time. It is often a larger benefit to consider lower validity times than more bits past 2048, but that is for you to decide. 42 42 43 There is some reference material on the topic; in October of 2013 the European Union Agency for Network and Information Security released their Algorithms, Key Sizes and Parameters Report https://www.enisa.europa.eu/activities/identity-and-trust/library/deliverables/algorithms-key-sizes-and-parameters-report which specified that for "future system near term use", specified to be ''at least'' ten years, RSA keys of 3072 bits or more are recommended. 44 43 45 == Use of --tls-cipher == 44 46 45 By default, OpenVPN accepts a wide range of possible TLS cipher-suites; hardened systems should limit this to an acceptable list (which can be just 1) cipher as shown with `openvpn --show-tls`. '''As of OpenVPN 2.3. 2, only TLSv1.0 RSA ciphers are usable'''. You should use a DHE cipher-suite as well for forward-secrecy.47 By default, OpenVPN accepts a wide range of possible TLS cipher-suites; hardened systems should limit this to an acceptable list (which can be just 1) cipher as shown with `openvpn --show-tls`. '''As of OpenVPN 2.3.3, only TLSv1.0 RSA ciphers are usable'''. You should use a DHE cipher-suite as well for forward-secrecy. 46 48 47 A git-master (slated to be included in >=2.3. 3) enables support for TLSv1.2 cipher-suites, but note that requiring only TLSv1.2 cipher-suites is not backwards-compat with <=2.3.2clients; your server/client may accept both a TLSv1.0 and TLSv1.2 option though.49 A git-master (slated to be included in >=2.3.4) enables support for TLSv1.2 cipher-suites, but note that requiring only TLSv1.2 cipher-suites is not backwards-compat with <=2.3.3 clients; your server/client may accept both a TLSv1.0 and TLSv1.2 option though. 48 50 49 51 It's wise to use as small of a list as possible for your `--tls-cipher` option. Exceptions could include if you wish to provide the client their choice of several acceptable options. … … 57 59 * TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA 58 60 * TLS-DHE-RSA-WITH-DES-CBC-SHA 59 * ^Avoid: known very week^ 61 * ^Avoid all DES cipher suites: DES is known to be very weak (3DES-EDE is still fine)^ 62 * ^Avoid all RC4 cipher suites: RC4 is known to be weak^ 63 * ^Avoid all EXPORT cipher suites: EXPORT is specified to be weak many years ago^ 60 64 61 The following are TLSv1.2 DHE + RSA choices, requiring a compatible peer (git-master today, and targeted for a future >=2.3. 3version.):65 The following are TLSv1.2 DHE + RSA choices, requiring a compatible peer (git-master today, and targeted for a future >=2.3.4 version.): 62 66 63 67 * TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 … … 66 70 * TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 67 71 68 Today, OpenVPN does not support ECDHEor more exotic cipher-suites as there is no elliptic curve support currently.72 Today, OpenVPN does not support TLS-ECDHE-* or more exotic cipher-suites as there is no elliptic curve support currently. 69 73 70 74 == Use of --tls-auth ==