A good info on the topic as an additional source.
https://blog.cryptographyengineering.com/2016/08/attack-of-week-64-bit-ciphers-in-tls.html
On August 24, 2016 9:48:46 PM GMT+02:00, "René Pfeiffer" <[email protected]> wrote:
>On Aug 24, 2016 at 2119 +0200, Akendo appeared and said:
>> The openvpn configuration includes a keepalive parameter with
>following
>> values: 10 120
>>
>> you think this is sufficient? Whereby I'm uncertain about the
>function
>> in OpenVPN in regards to your statement.
>
>OpenVPN uses the keepalive parameter to determin if the remote end is
>still
>reachable. It is usually used to tune OpenVPN tunnels to lossy or high
>latency network links. This means that it is different from Apache's
>implementation.
>
>In order to protect your OpenVPN setup I suggest using the ciphers
>discussed in the Bettyrcrypto guide (AES is a good choice). Furthermore
>I
>recommend
>
>- using the shared key created by "openvpn --genkey --secret" to lock
>out
> scans,
>- using X.509 keys and certificates with a private CA (the only option
> which can take advantage of perfect forward secrecy).
>
>Cheers,
>René.
>
>--
>)\._.,--....,'``. fL Let GNU/Linux work for you while you take a nap.
>/, _.. \ _\ (`._ ,. R. Pfeiffer <lynx at luchs.at> +
>http://web.luchs.at/
>`._.-(,_..'--(,_..'`-.;.' - System administration + Consulting +
>Teaching -
>Got mail delivery problems?
>https://web.luchs.at/information/blockedmail.php
>Warning: Do _NOT_ send emails with HTML content to my address! No
>guarantees!
>
>
>------------------------------------------------------------------------
>
>_______________________________________________
>Ach mailing list
>[email protected]
>http://lists.cert.at/cgi-bin/mailman/listinfo/ach
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
_______________________________________________
Ach mailing list
[email protected]
http://lists.cert.at/cgi-bin/mailman/listinfo/ach
