2017-03-31 13:26 GMT+05:00 Samuli Seppänen <sam...@openvpn.net>:
> Hi,
>
> We still bundle EasyRSA 2 with our Windows installers and it is
> prominently advertised on our widely linked to HOWTO:
>
> <https://openvpn.net/index.php/open-source/documentation/howto.html>
>
> As such, EasyRSA 2 is used by many/most OpenVPN server admins.
>
> However, the default values for EasyRSA 2 such as MD5 hashing algorithm
> and 1024-bit keysize seem totally inadequate for today's standards:
>
> <https://github.com/OpenVPN/easy-rsa-old/blob/master/easy-rsa/2.0/vars#L53
> >
> <https://github.com/OpenVPN/easy-rsa-old/blob/master/easy-
> rsa/2.0/openssl-1.0.0.cnf#L57>
>
> I think we should upgrade these to something more recent. What would
> more modern reasonable defaults be?
>
someday we decided to use DSA (instead of default RSA)
it worked ... until we started to use OpenVPN Connect for iOS.
next, we had to change back to RSA
the conclusion would be "test all available platforms and take a decision",
probably even set up special test server and ask people on openvpn-users
mailing list
>
> --
> Samuli Seppänen
> Community Manager
> OpenVPN Technologies, Inc
>
> irc freenode net: mattock
>
> ------------------------------------------------------------
> ------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> Openvpn-devel mailing list
> Openvpn-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/openvpn-devel
>
>
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
