author: stilez <stilez@users.noreply.github.com> 2016-05-08 04:41:00 +0100
committer: Stephen Beaver <sbeaver@netgate.com> 2016-06-22 11:05:54 -0400
commit: bd1a4433ea9c23e358579b4f62e1af0b1977e5b0
tree: 0f517c370998393690e4ceac1309911d048a5a57 /src
parent: cb0222b03d13ff4563930e9d36a2af3f9e818eed
Add missing recommended key lengths to OpenVPN options
Add key lengths to the OpenVPN options, for asymmetric keys of size 3072 (for current use), 7680, 15360 (for long term resistance), 8192 and 16384 (common binary exponents). These are both supported by OpenVPN anyhow, and for certain uses are currently recommended (e.g. long term resistance to replay/decryption). See keylength.com for citations. This PR would only affect OpenVPN, and OpenVPN supports these key sizes, so should not cause any issue.
(cherry picked from commit 0693c96797f7d5dfa097d24070e2bd4c9528d0e7)
Diffstat (limited to 'src')
-rw-r--r-- src/etc/inc/openvpn.inc 3
1 files changed, 2 insertions, 1 deletions
diff --git a/src/etc/inc/openvpn.inc b/src/etc/inc/openvpn.inc
index 9e87170..2be9b37 100644
--- a/src/etc/inc/openvpn.inc
+++ b/src/etc/inc/openvpn.inc
@@ -103,7 +103,8 @@ $openvpn_verbosity_level = array(
global $openvpn_dh_lengths;
$openvpn_dh_lengths = array(
- 1024, 2048, 4096);
+ 1024, 2048, 3072, 4096, 7680, 8192, 15360, 16384
+);
global $openvpn_cert_depths;
$openvpn_cert_depths = array(
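Review bot: The array changed here is `$openvpn_dh_lengths`, the list of DH parameter lengths, while the commit message justifies the new values as asymmetric key sizes; since the hunk only extends this list, please confirm that every newly selectable length (3072, 7680, 8192, 15360, 16384) has DH parameters available wherever this list is consumed, otherwise the larger entries become selectable without being usable. A short comment above the array saying where 3072, 7680 and 15360 come from (the message points to keylength.com) would explain the values that are not powers of two to the next reader. Separately, 1024 stays in the list even though the stated aim is to follow current recommendations; consider whether it should still be offered.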