https://bugs.koozali.org/show_bug.cgi?id=13115
Bug ID: 13115
Summary: Update config security defaults
Classification: Contribs
Product: SME Contribs
Version: 11.0
Hardware: ---
OS: ---
Status: CONFIRMED
Severity: normal
Priority: P3
Component: smeserver-openvpn-routed
Assignee: [email protected]
Reporter: [email protected]
QA Contact: [email protected]
Target Milestone: ---
On my v10 boxes I have the following set which I would imagine is a minimum
now:
config show openvpn-routed
openvpn-routed=service
Cipher=AES-256-CBC
Compression=disabled
HMAC=SHA256
This sets
#securing control channel
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256:TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256:TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256
tls-ciphersuites TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
#securing data channel
cipher AES-256-CBC
auth SHA256
I think this should be added for newer versions of openvpn?
; cipher is now added to data-ciphers
data-ciphers AES-256-CBC
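
One way to check a generated OpenVPN config against the settings quoted in this report, including the proposed data-ciphers line. This is an added example, not part of the original report and not smeserver-openvpn-routed code; the function names and the two sample configs are assumptions constructed from the directives shown above.

```python
# Added example (not SME Server code). Sample configs are constructed from
# the directives quoted in the report.
OLD_CONF = """\
#securing control channel
tls-version-min 1.2
#securing data channel
cipher AES-256-CBC
auth SHA256
"""
NEW_CONF = OLD_CONF + "; cipher is now added to data-ciphers\ndata-ciphers AES-256-CBC\n"


def parse_conf(text):
    """Map each directive to its argument list; '#' and ';' lines are comments."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        name, *args = line.split()
        conf[name] = args
    return conf


def first_arg(conf, name):
    args = conf.get(name)
    return args[0] if args else None


def audit(text):
    """Return findings as strings; an empty list means the baseline is met."""
    conf = parse_conf(text)
    findings = []
    # Control channel: the report sets TLS 1.2 as the floor.
    tls_min = first_arg(conf, "tls-version-min")
    if tls_min not in ("1.2", "1.3"):
        findings.append(f"tls-version-min is {tls_min or 'unset'}, expected 1.2 or higher")
    # Data channel: the cipher should also appear in the colon-separated
    # data-ciphers list (named ncp-ciphers before OpenVPN 2.5).
    cipher = first_arg(conf, "cipher")
    listed = first_arg(conf, "data-ciphers") or first_arg(conf, "ncp-ciphers") or ""
    if cipher and cipher.upper() not in listed.upper().split(":"):
        findings.append(f"cipher {cipher} is not listed in data-ciphers")
    # Packet HMAC: OpenVPN falls back to SHA1 when auth is unset.
    auth = first_arg(conf, "auth")
    if auth is None or auth.upper() in ("SHA1", "MD5", "NONE"):
        findings.append(f"auth is {auth or 'unset'}, expected SHA256 or stronger")
    return findings


if __name__ == "__main__":
    for label, conf in (("before", OLD_CONF), ("after", NEW_CONF)):
        print(label, audit(conf) or "OK")
```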