Hello David, Gert
Thank you very much for your answers... which were also partly a confirmation of how I had understood it so far.
On 14.11.19 at 11:51, Gert Doering wrote:
> As David explained in great detail just last week, the data channel keying is
> seeded from the TLS handshake. Always.
I have worked with it over the last few days :-) The problem was probably due to a misunderstanding, because I thought I have (!) to force (!) explicit DH'E' or ECDH'E' to make sure that an ephemeral key from the DH algorithm is used for the symmetric encryption on the data channel ... and that without the 'E' the session key on the data channel could repeat itself, like a static one. But it seems to be different ... TLS v1.3 on the control channel always negotiates an ephemeral session key for the data channel. But that was the point: I could see that earlier from the TLS cipher statement (EC)DH'E', and the 'E' says to me "an ephemeral key is forced to be used". Until now I had only missed a hint about it, but that seems to be the default behavior with TLS v1.3.
On 14.11.19 at 11:51, Gert Doering wrote:
> So unless you decide to run OpenVPN without TLS (which you can, but which has not
> been recommended since 10+ years), you will never have a static key for data
> channel.
I think the sentence above has answered my main question.
On 14.11.19 at 12:51, David Sommerseth wrote:
> I would still recommend to kick out --tls-cipher, and consider setting
> --tls-version-min to at least 1.2.
> If you know all your clients are capable of TLSv1.3, then set it to 1.3.
tls-version-min 1.2 and tls-crypt have always been set. At the moment I haven't yet decided to set 1.3 as the default. I'll check that out next, to see whether that is possible with my hardware.
On 14.11.19 at 12:51, David Sommerseth wrote:
> I would recommend to *not* use --tls-cipher.
OK, that's decided: I'm not going to use the cipher statement in the future, because TLS will always choose the best one.
I just don't know yet how I have to deal with --dh or --ecdh-curve now. In the past I used either to specify a dh.pem file, or --dh none together with --ecdh-curve. Now, if I don't specify --ecdh-curve, secp384r1 is added automatically. If I only use a dh.pem file, the message "Diffie-Hellman initialized with 4096 bit key" appears and secp384r1 is added anyway, with the message "Failed to extract curve from certificate (UNDEF), using secp384r1 instead".
How can I decide whether ECDH or DH should be used? Is it even necessary to specify this explicitly, as before? At the moment I would prefer the dh.pem file, even if EC is supposed to be more performant.
Sorry, I have a slightly guilty conscience because of my questions, but with the change from 1.2 to 1.3 more has changed than you might think at first sight. And this topic is so extremely demanding that you can never find the right way on your own without hints. BTW, what you can find on the internet is sometimes quite contradictory... which doesn't make it easy either.
Best Regards
Tom
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
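An added example, not from this thread and not the OpenVPN project's own sample configuration: a server-side fragment that applies the advice given above (no --tls-cipher, --tls-version-min at least 1.2, --tls-crypt) and shows both key-exchange variants Tom describes side by side. File names (ca.crt, server.crt, server.key, ta.key, dh.pem), the port and the curve are assumptions. Two facts from outside the thread are relied on: the OpenVPN 2.4 manual documents that `dh none` disables the finite-field DH parameter file while ECDH stays available, with `--ecdh-curve` defaulting to the server certificate's curve or secp384r1 for non-EC certificates; and in TLS 1.3 (RFC 8446) the key share always uses a named group negotiated by the peers, so a dh.pem parameter file can only matter for TLS 1.2 DHE ciphersuites.

```conf
# server.conf fragment (added example; assumed file names and values)
port 1194
proto udp
dev tun

ca   ca.crt
cert server.crt
key  server.key

# Control channel: raise the floor to TLS 1.2 now; change to 1.3 once
# every client's TLS library is known to support it.
tls-version-min 1.2
# tls-version-min 1.3

# Encrypt and authenticate control-channel packets with the shared key.
tls-crypt ta.key

# Deliberately absent: no tls-cipher line. The TLS library negotiates the
# strongest ciphersuite both peers support, and every TLS 1.3 handshake
# already uses an ephemeral (EC)DHE key share.

# Key exchange, variant A (what Tom used before): a finite-field DH
# parameter file. It is only consulted for TLS 1.2 DHE ciphersuites; a
# TLS 1.3 handshake ignores it and negotiates a named group instead.
# dh dh.pem

# Key exchange, variant B: no DH parameter file at all, ECDH only.
# "dh none" disables the parameter file; ECDH remains available, and the
# curve below is what OpenVPN would pick anyway for an RSA server cert
# (the "using secp384r1 instead" log line). It is listed explicitly here
# so the choice is visible in the config rather than implied by a default.
dh none
ecdh-curve secp384r1

# Data channel (optional, shown for completeness; assumed cipher choice).
cipher AES-256-GCM
```

Only one of the two key-exchange variants should be active at a time. After a client connects, the server log's "Control Channel:" line reports the TLS version and ciphersuite that were actually negotiated, which is the quickest way to confirm whether the 1.3 floor is usable with a given client before making it the default.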