Hi,

On 24 July 2017 at 14:20, SaAtomic <[email protected]> wrote:
> I'm not sure if this question is more suitable for the OpenVPN or the
> OpenSSL users list.
>
> With OpenVPN 2.4.0 and OpenSSL 1.0.2l only ECDHE and DHE are available, but
> I do not have the option to define a key length,
> so I assume OpenSSL's default key length will be used. With older versions
> of OpenVPN/OpenSSL DH and ECDH are also available if I'm not mistaken.
>
> On the OpenSSL users mailing list, I was informed that for the EC Diffie
> Hellman, the chosen curve (e.g. NIST256, NIST384, ...) determines the key
> length.
>
> What key length does OpenVPN use for DH, DHE, ECDH and ECDHE?

For DH/DHE, the key length is determined by the parameters you provide
to the server through --dh.

For ECDH/ECDHE, the key size is determined by the curve, and the
curve is determined by the server certificate. By default OpenVPN (1)
tries to let OpenSSL 1.0.2 and newer or mbed TLS select the curve
automatically, or for OpenSSL 1.0.1 and older uses either (2) the
curve used in the server certificate (--cert) or (3) when the server
cert is not an EC cert falls back to P-384.

-Steffan

_______________________________________________
Openvpn-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openvpn-users