Hi,
On Fri, Dec 16, 2016 at 04:53:34PM +0100, Sebastian Rubenstein wrote:
> OpenVPN should thank you for extolling and evangelizing the benefits of
> upgrading to 2.4 :)
Since Jan-Just is "part of OpenVPN", he's in this with the rest of us :-)
gert
--
USENET is *not* the non-clickable part of
>> Subject: Re: [Openvpn-users] Experts' opinions needed: Is my VPN provider
>> using weak or strong encryption algorithms?
> Hello Jan, thanks for your reply.
>
> I have learnt something new from you. I was under the impression that
> tls-auth is used to protect customer
Hi,
On 16/12/16 13:27, Sebastian Rubenstein wrote:
> Can I take your above statement into consideration when I shop for a
commercial VPN provider? For example, before I buy a subscription plan,
I will ask if they use tls-auth ta.key. If they do, it means they trust
their customers, yes?
Not
pn-users@lists.sourceforge.net
> Subject: Re: [Openvpn-users] Experts' opinions needed: Is my VPN provider
> using weak or strong encryption algorithms?
>
> But --tls-auth makes it far harder to inject packets, as
> both client and server will just throw away packets with an u
Thanks Steffan for your explanation but
> Sent: Friday, December 16, 2016 at 6:05 AM
> From: "Steffan Karger" <stef...@karger.me>
> To: "openvpn-users@lists.sourceforge.net"
> <openvpn-users@lists.sourceforge.net>
> Subject: Re: [Openvpn-user
Hi,
On 15 December 2016 at 19:11, David Sommerseth
wrote:
> On 15/12/16 16:35, Sebastian Rubenstein wrote:
>> Could you explain in greater detail your statement "use AES-256-GCM
>> for more efficiency on the data channel"?
>
> I'll leave this to Steffan (or
On 15/12/16 16:35, Sebastian Rubenstein wrote:
> Hi Steffan
>
> Thanks for taking the time to explain to me the salient features of
> a good encryption/decryption VPN.
>
>>> tls-client
>>
>> This means you're using TLS for forward secrecy, and are refreshing you
>> data channel keys (at least)
On 15/12/16 16:08, Sebastian Rubenstein wrote:
> Hi Jan,
>
> Thanks for your tip.
>
>> You can check the cipher strength of the CA certificate by
>> writing the CA blob
>>
>>
>> -BEGIN CERTIFICATE-
>>
>> Large chunks of alphanumeric text
>>
>> -END CERTIFICATE-
>>
>>
>> to a
Hi Steffan
Thanks for taking the time to explain to me the salient features of a good
encryption/decryption VPN.
> > tls-client
>
> This means you're using TLS for forward secrecy, and are refreshing you
> data channel keys (at least) hourly. That's good.
Is "forward secrecy" the same as
Hi Jan,
Thanks for your tip.
> You can check the cipher strength of the CA certificate by
> writing the CA blob
>
>
> -BEGIN CERTIFICATE-
>
> Large chunks of alphanumeric text
>
> -END CERTIFICATE-
>
>
> to a file and then run
>openssl x509 -text -noout -in cert.pem |
Hi,
I fully agree with Steffan. An extra check you can throw in is to check
the client and server side certificates, as well as the CA certificate.
The server certificate may be signed using RSA4096 but if other
certificates in the chain are weaker then this offers little
protection. You can
Hi,
On 14-12-16 17:31, Sebastian Rubenstein wrote:
> I hope that some experts here will be able to tell me if my VPN provider uses
> weak encryption standards with regards to encryption/decryption of control
> channel authentication and data channel? Thanks.
>
> Below is a sample of a redacted
12 matches
Mail list logo