mirror of
https://github.com/OpenVPN/openvpn.git
synced 2024-11-27 11:43:51 +08:00
8353ae8075
By default OpenSSL 1.1+ only allows signatures and ecdh/ecdhx from the default list of X25519:secp256r1:X448:secp521r1:secp384r1. In TLS1.3 key exchange is independent from the signature/key of the certificates, so allowing all groups per default is not a sensible choice anymore and instead a shorter list is reasonable. However, when using certificates with exotic curves that are not on the group list, the signatures of these certificates will no longer be accepted. The tls-groups option allows to modify the group list to account for these corner cases. Patch V2: Uses local gc_arena instead of malloc/free, reword commit message. Fix other typos/clarify messages Patch V3: Style fixes, adjust code to changes from mbedTLS session fix Patch V5: Fix compilation with OpenSSL 1.0.2 Patch V6: Redo the 'while((token = strsep(&tmp_groups, ":"))' change which accidentally got lost. Signed-off-by: Arne Schwabe <arne@rfc2549.org> Acked-by: Antonio Quartulli <antonio@openvpn.net> Message-Id: <20200721154922.17144-1-arne@rfc2549.org> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg20521.html Signed-off-by: Gert Doering <gert@greenie.muc.de>
37 lines
1.8 KiB
Plaintext
37 lines
1.8 KiB
Plaintext
Since 2.4.0, OpenVPN has official support for elliptic curve crypto. Elliptic
|
|
curves are an alternative to RSA for asymmetric encryption.
|
|
|
|
Elliptic curve crypto ('ECC') can be used for the ('TLS') control channel only
|
|
in OpenVPN; the data channel (encrypting the actual network traffic) uses
|
|
symmetric encryption. ECC can be used in TLS for authentication (ECDSA) and key
|
|
exchange (ECDH).
|
|
|
|
Key exchange (ECDH)
|
|
-------------------
|
|
OpenVPN 2.4.0 and newer automatically initialize ECDH parameters. When ECDSA is
|
|
used for authentication, the curve used for the server certificate will be used
|
|
for ECDH too. When autodetection fails (e.g. when using RSA certificates)
|
|
OpenVPN lets the crypto library decide if possible, or falls back to the
|
|
secp384r1 curve. The list of groups/curves that the crypto library will choose
|
|
from can be set with the --tls-groups <grouplist> option.
|
|
|
|
An administrator can force an OpenVPN/OpenSSL server to use a specific curve
|
|
using the --ecdh-curve <curvename> option with one of the curves listed as
|
|
available by the --show-groups option. Clients will use the same curve as
|
|
selected by the server.
|
|
|
|
Note that not all curves listed by --show-groups are available for use with TLS;
|
|
in that case connecting will fail with a 'no shared cipher' TLS error.
|
|
|
|
Authentication (ECDSA)
|
|
----------------------
|
|
Since OpenVPN 2.4.0, using ECDSA certificates works 'out of the box'. Which
|
|
specific curves and cipher suites are available depends on your version and
|
|
configuration of the crypto library. The crypto library will automatically
|
|
select a cipher suite for the TLS control channel.
|
|
|
|
Support for generating an ECDSA certificate chain is available in EasyRSA (in
|
|
spite of it's name) since EasyRSA 3.0. The parameters you're looking for are
|
|
'--use-algo=ec' and '--curve=<curve_name>'. See the EasyRSA documentation for
|
|
more details on generating ECDSA certificates.
|