There is some reference material on the topic: in October 2013 the European Union Agency for Network and Information Security (ENISA) released its Algorithms, Key Sizes and Parameters Report https://www.enisa.europa.eu/activities/identity-and-trust/library/deliverables/algorithms-key-sizes-and-parameters-report which recommends RSA keys of 3072 bits or more for "future system near term use", defined as ''at least'' ten years.

== Use of --tls-version-min ==

As of OpenVPN 2.3.3, OpenVPN supports TLS version negotiation; earlier versions only supported TLS 1.0. Also since OpenVPN 2.3.3, the `--tls-version-min` option is available to enforce a minimum TLS version. Hardened setups should set `--tls-version-min` to `1.2` if possible. Be aware, however, that setting `tls-version-min` to `1.2` makes it impossible to connect for pre-2.3.3 clients, clients using the `cryptoapicert` option, or clients using an old TLS library version that does not support TLS 1.2. To allow clients using the `cryptoapicert` option to connect, do not set `tls-version-min` higher than `1.1`.
| 49 | OpenVPN 2.4 and newer limits the default cipher list more than earlier versions did. This makes it less prudent to harden your configuration using `--tls-cipher`. Also be aware that it is very easy to create hard-to-debug connection failures when using `--tls-cipher` incorrectly. That said, further limiting the number of ciphers does reduce the attack surface. |
| 50 | |
| 51 | In OpenVPN 2.3 and earlier, OpenVPN accepted a wide range of possible TLS cipher-suites by default. These versions can be hardened by limiting this to an acceptable list, (which can be just 1 cipher) as shown with `openvpn --show-tls`. '''Up to OpenVPN 2.3.2, only TLSv1.0 RSA ciphers are usable'''. You should use a DHE cipher-suite as well for forward-secrecy. |