Hi James,

On 22-02-17 19:48, James Yonan wrote:
> mbedTLS 2 has a new feature that allows rejection of certificates if the 
> key size is too small or the signing hash is weak.
> The feature is controlled via struct mbedtls_x509_crt_profile.
> For example, you could specify that certificates must be at least 2048 
> bits and use a SHA-2 signing alg.
> Wondering if we should enable this via an option, or tie it into the 
> existing tls-version-min.
> The granular approach would be to have specific options for each limit, 
> such as ssl-min-key-size, ssl-require-sha2
> The bundled approach would be to take an existing option such as 
> tls-version-min and add additional constraints onto it.  For example, if 
> tls-version-min is 1.2 or higher, then also require minimum key size to 
> be 2048 and certificate signing hash to be SHA-2.

OpenVPN 2.4 currently just uses mbed TLS' default profile, and we tell
people to use stronger keys (RSA 2048+ / ECDSA) or a stronger hash
function (SHA1+) if that causes trouble.

If we are going to make this configurable, I think we should separate it
from tls-version-min.  The main use case I see for using a lower
security setting would be an out-of-the-admins-control CA, or something
like (old) smart cards that don't support RSA-2048.  I wouldn't want to
block people from enforcing TLS 1.2, because their smart card is crappy.

So I think we'll have to add the relevant --tls-rsa-key-size-min,
--tls-curves (could replace --ecdh-curves), --tls-digests options.  If
we want to make it configurable, that is.


Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
Openvpn-devel mailing list

Reply via email to