From: "Gert Doering" <g...@greenie.muc.de<mailto:g...@greenie.muc.de>> Date: Wednesday, 21 February 2024 at 18:24:43 To: "Witvliet, J, Ing." <j.witvl...@mindef.nl<mailto:j.witvl...@mindef.nl>> Cc: "openvpn-users@lists.sourceforge.net" <openvpn-users@lists.sourceforge.net<mailto:openvpn-users@lists.sourceforge.net>> Subject: Re: [Openvpn-users] key length Unable to verify the message Hi, On Wed, Feb 21, 2024 at 02:39:04PM +0000, Hans via Openvpn-users wrote: > Last week i got a reminder, that (at least in Germany by the BSI ) the > minimum key-length has been changed to 3072 bits. > And before someone is going to mention it: yes, I know that according to > NIST, 2K keys could be used until 2030 > > So, can Openvpn handle keys longer than 2K? The actual asymmetric key handling (RSA certificates etc) is done by the SSL library, there is no limitation imposed by OpenVPN. So 4k or even 8k should be fine, it will just take much longer for the TLS negotiation, with diminishing returns. Ah! So, in my case I should ask the developers at mbedtls, as we don’t use OpenSSL… Thanks! gert -- "If was one thing all people took for granted, was conviction that if you feed honest figures into a computer, honest figures come out. Never doubted it myself till I met a computer with a sense of humor." Robert A. Heinlein, The Moon is a Harsh Mistress Gert Doering - Munich, Germany g...@greenie.muc.de<mailto:g...@greenie.muc.de> Dit bericht kan informatie bevatten die niet voor u is bestemd. Indien u niet de geadresseerde bent of dit bericht abusievelijk aan u is toegezonden, wordt u verzocht dat aan de afzender te melden en het bericht te verwijderen. De Staat aanvaardt geen aansprakelijkheid voor schade, van welke aard ook, die verband houdt met risico's verbonden aan het elektronisch verzenden van berichten. This message may contain information that is not intended for you. If you are not the addressee or if this message was sent to you by mistake, you are requested to inform the sender and delete the message. The State accepts no liability for damage of any kind resulting from the risks inherent in the electronic transmission of messages.
_______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
