On 04/03/14 23:48, Steffan Karger wrote:
Hi,

On Tue, Mar 4, 2014 at 10:49 PM, pietrek -- <pietre...@gmail.com> wrote:

    [...]

    I think we could add option "--dh none"  or "--no-dh". It may be
    specified, if user knows what he's doing.


I like that idea. It offers a migration path for users that really want to skip the DH-stuff. I'd vote for "--dh '[none]'", as it does not add a new option (openvpn has more than enough options ;) ), and is hard to accidentally supply as a file name.

This is more a usability thing than a crypto thing, so I'd like to hear more opinions on this.

    Option --no-ecdh (or --ecdh none) could be useful if user does not
    want to use ECDH for some reason.


I do not like this one. A user gets ECDH initialisation for free, and if a power user really wants to disable ECDH, (s)he can use --tls-cipher "DEFAULT:!EXP:!ECDH" or something like that. An explicit extra option adds code, while it is not needed for the functionality.

    Also, to avoid unexpected behaviour like fallback into RSA, we could
    force openssl to use DH or ECDH only.


Do you have any idea on how to achieve this, other than setting explicit tls-cipher lists? The cipher list has a limited interface, which would result in actively maintaining a list of 'approved' ciphers within the OpenVPN codebase. I would not like to do that.

According to 'man SSL_CTX_set_tmp_rsa_callback'

On OpenSSL servers ephemeral RSA key exchange is therefore disabled by default and must be explicitly enabled using the SSL_OP_EPHEMERAL_RSA option of SSL_CTX_set_options(3), violating the TLS/SSL standard. When ephemeral RSA key exchange is required for export ciphers, it will automatically be used without this option!

so this would suggest that ephemeral RSA keys are not used by default unless explicitly enabled (as it breaks TLS/SSL).

cheers,

JJK


