Changes between Version 5 and Version 6 of Hardening


Ignore:
Timestamp:
04/15/14 01:09:54 (10 years ago)
Author:
IncreasedSecurity
Comment:

ENISA information on longer RSA keys added (with citation), updated tls-cipher info with TLS 1.0 only in 2.3.3, DES weakness clarification, RC4 warning

Legend:

Unmodified
Added
Removed
Modified

  • Hardening

    v5 v6  
    4141Up to 4096-bit is accepted by nearly all RSA systems (including OpenVPN,) but use of keys this large will dramatically increase generation time, TLS handshake delays, and CPU usage for TLS operations; the benefit beyond 2048-bit keys is small enough not to be of great use at the current time. It is often a larger benefit to consider lower validity times than more bits past 2048, but that is for you to decide.
    4242
     43There is some reference material on the topic; in October of 2013 the European Union Agency for Network and Information Security released their Algorithms, Key Sizes and Parameters Report https://www.enisa.europa.eu/activities/identity-and-trust/library/deliverables/algorithms-key-sizes-and-parameters-report     which specified that for "future system near term use", specified to be ''at least'' ten years, RSA keys of 3072 bits or more are recommended. 
     44
    4345== Use of --tls-cipher ==
    4446
    45 By default, OpenVPN accepts a wide range of possible TLS cipher-suites; hardened systems should limit this to an acceptable list (which can be just 1) cipher as shown with `openvpn --show-tls`. '''As of OpenVPN 2.3.2, only TLSv1.0 RSA ciphers are usable'''. You should use a DHE cipher-suite as well for forward-secrecy.
     47By default, OpenVPN accepts a wide range of possible TLS cipher-suites; hardened systems should limit this to an acceptable list (which can be just 1) cipher as shown with `openvpn --show-tls`. '''As of OpenVPN 2.3.3, only TLSv1.0 RSA ciphers are usable'''. You should use a DHE cipher-suite as well for forward-secrecy.
    4648
    47 A git-master (slated to be included in >=2.3.3) enables support for TLSv1.2 cipher-suites, but note that requiring only TLSv1.2 cipher-suites is not backwards-compat with <=2.3.2 clients; your server/client may accept both a TLSv1.0 and TLSv1.2 option though.
     49A git-master (slated to be included in >=2.3.4) enables support for TLSv1.2 cipher-suites, but note that requiring only TLSv1.2 cipher-suites is not backwards-compat with <=2.3.3 clients; your server/client may accept both a TLSv1.0 and TLSv1.2 option though.
    4850
    4951It's wise to use as small of a list as possible for your `--tls-cipher` option. Exceptions could include if you wish to provide the client their choice of several acceptable options.
     
    5759* TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA
    5860* TLS-DHE-RSA-WITH-DES-CBC-SHA
    59   * ^Avoid: known very week^
     61  * ^Avoid all DES cipher suites: DES is known to be very weak (3DES-EDE is still fine)^
     62  * ^Avoid all RC4 cipher suites: RC4 is known to be weak^
     63  * ^Avoid all EXPORT cipher suites: EXPORT is specified to be weak many years ago^
    6064
    61 The following are TLSv1.2 DHE + RSA choices, requiring a compatible peer (git-master today, and targeted for a future >=2.3.3 version.):
     65The following are TLSv1.2 DHE + RSA choices, requiring a compatible peer (git-master today, and targeted for a future >=2.3.4 version.):
    6266
    6367* TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
     
    6670* TLS-DHE-RSA-WITH-AES-128-CBC-SHA256
    6771
    68 Today, OpenVPN does not support ECDHE or more exotic cipher-suites as there is no elliptic curve support currently.
     72Today, OpenVPN does not support TLS-ECDHE-* or more exotic cipher-suites as there is no elliptic curve support currently.
    6973
    7074== Use of --tls-auth ==