Hi,

On Fri, 14 Sep 2018 at 18:46, <2...@minasithil.org> wrote:
> Would ECDHE-ECDSA-AES128-GCM-SHA256 be a good cipher for a routed VPN
> with a central server and many independent nodes?
> I have heard about ECDSA problems due to poor (P)RNG implementations
> causing key leakage, but I guess I could just pick
> ECDHE-RSA-AES128-GCM-SHA256 if that is of concern.
>
> I would like to hear your thoughts about that approach.
> Thank you.

Both are fine. Good random is indeed important for ECDHE-ECDSA, but only
marginally less so for ECDHE-RSA. Both ECDHE (the ephemeral key exchange)
and the OpenVPN protocol itself need good random to generate ephemeral
keys too.

-Steffan

_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users