The OpenVPN configuration includes a keepalive parameter with the following values: 10 120
Do you think this is sufficient? Whereby I'm uncertain about the function in OpenVPN in regards to your statement.

best regards
Akendo

On 08/24/2016 08:43 PM, Hanno Böck wrote:
> On Wed, 24 Aug 2016 19:24:22 +0200
> Akendo <[email protected]> wrote:
>
>> As far as I see this, when following the recommendation for servers like
>> nginx or OpenVPN 3DES is disabled and it should not be an issue,
>> correct?
>
> There's probably not a whole lot for the bettercrypto guide, yet this
> has some interesting aspects.
>
> One that I think hasn't come up a lot before is limiting keepalive
> connections. We actually thought about that during writing the GCM
> nonce paper as well. Crypto attacks that require a lot of data to be
> encrypted *with the same key* can be effectively mitigated with a
> practically irrelevant performance hit if you limit requests over one
> connection to - let's say - 100 (like apache does).
>
> What might also be interesting is looking into more unusual protocols
> that might still use blowfish or 3des. It was used in SSH, but lately
> OpenSSH has aggressively deprecated everything old. These ciphers were
> more or less considered secure. While the block collision issue is not
> really new, it may not have been known so widely.
>
> _______________________________________________
> Ach mailing list
> [email protected]
> http://lists.cert.at/cgi-bin/mailman/listinfo/ach
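Added example, not part of the thread: a Python calculation of the birthday bound behind the point about limiting how much data is encrypted with the same key, comparing 64-bit block ciphers (3DES, Blowfish) with a 128-bit one. The 64 KiB request size and the 32 GiB long-lived connection are assumed figures chosen for illustration; only the cap of 100 requests comes from the quoted message.

```python
import math


def collision_probability(bytes_under_key: int, block_bits: int) -> float:
    """Birthday-bound approximation of the chance that two ciphertext
    blocks produced under one key are equal:
    p ~= 1 - exp(-n(n-1) / 2^(b+1)), n = number of cipher blocks."""
    n = bytes_under_key // (block_bits // 8)
    # expm1 keeps precision when the probability is tiny
    return -math.expm1(-n * (n - 1) / 2.0 ** (block_bits + 1))


def byte_budget(max_probability: float, block_bits: int) -> int:
    """Largest amount of data per key that keeps the collision
    probability at or below max_probability (inverse of the above)."""
    n = math.sqrt(-math.log1p(-max_probability) * 2.0 ** (block_bits + 1))
    return int(n) * (block_bits // 8)


# Assumed figures for illustration (not from the thread):
REQUEST_BYTES = 64 * 1024          # average bytes encrypted per request
CAPPED = 100 * REQUEST_BYTES       # connection closed after 100 requests
UNCAPPED = 32 * 2 ** 30            # one long-lived connection, 32 GiB

if __name__ == "__main__":
    for label, size in (("capped at 100 requests", CAPPED),
                        ("uncapped, 32 GiB", UNCAPPED)):
        for bits in (64, 128):
            p = collision_probability(size, bits)
            print(f"{label:24} {bits:3}-bit block: p = {p:.3e}")
    budget = byte_budget(1e-6, 64)
    print(f"64-bit block, p <= 1e-6: rekey after {budget / 1e6:.1f} MB")
```

With these assumptions the capped connection stays around 2e-8 for a 64-bit block cipher, while the 32 GiB connection reaches roughly 39 percent; with a 128-bit block both are negligible.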
