Timeline for In OpenVPN, which is the difference between EC and ED? Is it needed DH file when I use elliptic curve?
Current License: CC BY-SA 4.0
6 events
| when toggle format | what | by | license | comment | |
|---|---|---|---|---|---|
| May 9 at 11:01 | history | edited | grawity_u1686 | CC BY-SA 4.0 |
added 7 characters in body
|
| May 9 at 10:13 | vote | accept | Álvaro García | ||
| May 9 at 8:48 | comment | added | grawity_u1686 |
Possibly – I assume it works like with any other TLS-based service. I know recent OpenSSL now has built-in DH parameters with SSL_CTX_set_dh_auto(), but OpenVPN doesn't seem to call that, so I'd assume dh none disables traditional DH completely.
|
|
| May 9 at 8:44 | comment | added | Tom Yan |
It seems to me (as per the manual) that the dh option serves as sort of a fallback, i.e., if the cipher suite chosen does not support ECDH, or the SSL/TLS library does not support such a cipher suite, "traditional" DH will be used with the parameter file specified with the option. (And I guess if you have dh none, OpenVPN would avoid cipher suite that does not support ECDH, and if it can't or is instructed explicitly to use such a cipher suite, it will just error out?)
|
|
| May 9 at 8:34 | history | edited | grawity_u1686 | CC BY-SA 4.0 |
deleted 18 characters in body
|
| May 9 at 8:29 | history | answered | grawity_u1686 | CC BY-SA 4.0 |