From f8d6f99d08c029355f296a96d38aa54f07e2f00a Mon Sep 17 00:00:00 2001
From: stilez <stilez@users.noreply.github.com>
Date: Sun, 18 Sep 2016 20:30:14 +0100
Subject: Add OpenVPN key lengths to Wizard - missed in original PRs

Original PRs and rationale:

* https://github.com/pfsense/pfsense/pull/2944 ("Add missing recommended key lengths/digest to Cert system")
* https://github.com/pfsense/pfsense/pull/2942 ("Add missing recommended key lengths to OpenVPN options")

Rationale is same as for those PRs - I missed the OpenVPN Wizard in the original
---
 src/usr/local/www/wizards/openvpn_wizard.xml | 52 ++++++++++++++++++++++++----
 1 file changed, 46 insertions(+), 6 deletions(-)

(limited to 'src/usr/local/www/wizards')

diff --git a/src/usr/local/www/wizards/openvpn_wizard.xml b/src/usr/local/www/wizards/openvpn_wizard.xml
index 9e9f021..e3eab98 100644
--- a/src/usr/local/www/wizards/openvpn_wizard.xml
+++ b/src/usr/local/www/wizards/openvpn_wizard.xml
@@ -510,27 +510,47 @@
 		<field>
 			<name>keylength</name>
 			<displayname>Key length</displayname>
-			<description>&lt;br/&gt;Size of the key which will be generated. The larger the key, the more security it offers, but larger keys are generally slower to use.</description>
+			<description>&lt;br/&gt;SSize of the key which will be generated. The larger the key, the more security it offers, but larger keys take considerably more time to generate, and take slightly longer to validate leading to a slight slowdown in setting up new sessions (not always noticeable). As of 2016, 2048 bit is the minimum and most common selection and 4096 is the maximum in common use. For more information see &lt;a href="https://keylength.com"&gt;keylength.com&lt;/a&gt;</description>
 			<type>select</type>
 			<value>2048</value>
 			<bindstofield>ovpnserver->step9->keylength</bindstofield>
 			<options>
 				<option>
-					<name>512 bits</name>
+					<name>512 bit</name>
 					<value>512</value>
 				</option>
 				<option>
-					<name>1024 bits</name>
+					<name>1024 bit</name>
 					<value>1024</value>
 				</option>
 				<option>
-					<name>2048 bits</name>
+					<name>2048 bit</name>
 					<value>2048</value>
 				</option>
 				<option>
-					<name>4096 bits</name>
+					<name>3072 bit</name>
+					<value>3072</value>
+				</option>
+				<option>
+					<name>4096 bit</name>
 					<value>4096</value>
 				</option>
+				<option>
+					<name>7680 bit</name>
+					<value>7680</value>
+				</option>
+				<option>
+					<name>8192 bit</name>
+					<value>8192</value>
+				</option>
+				<option>
+					<name>15360 bit</name>
+					<value>15360</value>
+				</option>
+				<option>
+					<name>16384 bit</name>
+					<value>16384</value>
+				</option>
 			</options>
 		</field>
 		<field>
@@ -685,11 +705,31 @@
 					<value>2048</value>
 				</option>
 				<option>
+					<name>3072 bit</name>
+					<value>3072</value>
+				</option>
+				<option>
 					<name>4096 bit</name>
 					<value>4096</value>
 				</option>
+				<option>
+					<name>7680 bit</name>
+					<value>7680</value>
+				</option>
+				<option>
+					<name>8192 bit</name>
+					<value>8192</value>
+				</option>
+				<option>
+					<name>15360 bit</name>
+					<value>15360</value>
+				</option>
+				<option>
+					<name>16384 bit</name>
+					<value>16384</value>
+				</option>
 			</options>
-			<description>&lt;br/&gt;Length of Diffie-Hellman (DH) key exchange parameters, used for establishing a secure communications channel. As with other such settings, the larger values are more secure, but may be slower in operation.</description>
+			<description>&lt;br/&gt;Length of Diffie-Hellman (DH) key exchange parameters, used for establishing a secure communications channel. The DH parameters are different from key sizes, but as with other such settings, the larger the key, the more security it offers, but larger keys take considerably more time to generate. As of 2016, 2048 bit is a common and typical selection.</description>
 		</field>
 		<field>
 			<name>crypto</name>
-- 
cgit v1.1