From 1ee8e01b8807f217ea4e00a59f6889cf0a109e6f Mon Sep 17 00:00:00 2001 From: stilez Date: Sun, 18 Sep 2016 20:30:14 +0100 Subject: Add OpenVPN key lengths to Wizard - missed in original PRs Original PRs and rationale: * https://github.com/pfsense/pfsense/pull/2944 ("Add missing recommended key lengths/digest to Cert system") * https://github.com/pfsense/pfsense/pull/2942 ("Add missing recommended key lengths to OpenVPN options") Rationale is same as for those PRs - I missed the OpenVPN Wizard in the original (cherry picked from commit f8d6f99d08c029355f296a96d38aa54f07e2f00a) --- src/usr/local/www/wizards/openvpn_wizard.xml | 52 ++++++++++++++++++++++++---- 1 file changed, 46 insertions(+), 6 deletions(-) (limited to 'src/usr/local/www/wizards') diff --git a/src/usr/local/www/wizards/openvpn_wizard.xml b/src/usr/local/www/wizards/openvpn_wizard.xml index 905444d..1af3ab3 100644 --- a/src/usr/local/www/wizards/openvpn_wizard.xml +++ b/src/usr/local/www/wizards/openvpn_wizard.xml @@ -542,27 +542,47 @@ keylength Key length - <br/>Size of the key which will be generated. The larger the key, the more security it offers, but larger keys are generally slower to use. + <br/>SSize of the key which will be generated. The larger the key, the more security it offers, but larger keys take considerably more time to generate, and take slightly longer to validate leading to a slight slowdown in setting up new sessions (not always noticeable). As of 2016, 2048 bit is the minimum and most common selection and 4096 is the maximum in common use. For more information see <a href="https://keylength.com">keylength.com</a> select 2048 ovpnserver->step9->keylength + + + + + 
@@ -717,11 +737,31 @@ 2048 + + + + + - <br/>Length of Diffie-Hellman (DH) key exchange parameters, used for establishing a secure communications channel. As with other such settings, the larger values are more secure, but may be slower in operation. + <br/>Length of Diffie-Hellman (DH) key exchange parameters, used for establishing a secure communications channel. The DH parameters are different from key sizes, but as with other such settings, the larger the key, the more security it offers, but larger keys take considerably more time to generate. As of 2016, 2048 bit is a common and typical selection. crypto -- cgit v1.1
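Review bot: The added key length description in the first hunk (@@ -542,27 +542,47 @@) opens with a typo, "SSize of the key which will be generated"; it should read "Size". The same text hard-codes "As of 2016, 2048 bit is the minimum and most common selection", which will go stale in wizard help text; consider dropping the year and relying on the keylength.com link that the sentence already carries. The sentence ending in that link also has no closing full stop.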
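Review bot: In the second hunk (@@ -717,11 +737,31 @@) the added DH description says "The DH parameters are different from key sizes" and then, in the same sentence, "the larger the key, the more security it offers, but larger keys take considerably more time to generate", so it describes the parameters as keys right after saying they are not. Suggest phrasing it in terms of parameter length, for example "larger parameters offer more security but take considerably more time to generate". The removed line also noted that larger values "may be slower in operation", while the new text mentions only generation time; keep a short mention of the operational cost if that is still intended. "As of 2016" fixes a date into UI help text and will need revisiting.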