Linode Forum
Linode Community Forums 		 FAQFAQ    SearchSearch    MembersMembers      Register Register 
 LoginLogin [ Anonymous ] 
Post new topic  Reply to topic

Board index » Linux Community Forums » General Discussion
  Previous topic | Next topic 
Author Message
zjl
 Post subject:
PostPosted: Sat Nov 26, 2011 6:10 am 
Offline
Senior Newbie

Joined: Fri Nov 25, 2011 9:49 pm
Posts: 6
Blowfish is the default cipher, unbreakable and chose by the OpenVPN team as a good balance of great strenght and low ressource usage. You have no reason to 'upgrade' it really.

Still, you change the cipher by having a matching cipher line in both client and server configuration file.

Find the list of available ciphers by running
Code:
openvpn --show-ciphers


Then just add a line
Code:
cipher AES-256-CBC

to both client and server conf.

If you're interested in tweaking all this (and there's really no need), you may want to also look at tls-cipher and auth.

As an example, because I'm also pretty eager to always use the bigger even if it's not really needed, I have:
Code:
tls-cipher DHE-RSA-AES256-SHA
cipher AES-256-CBC
auth ecdsa-with-SHA1


Find a list of what's available on your particular system with
Code:
openvpn --show-tls
openvpn --show-ciphers
openvpn --show-digests


You should make sure that what you decide to use is supported both by your server and your client.

Have fun,
zjl
Top
   
Reply with quote  
Display posts from previous:  Sort by  
Post new topic  Reply to topic

Board index » Linux Community Forums » General Discussion


Who is online

Users browsing this forum: No registered users and 6 guests

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum

Search for:
Jump to:  
RSS

Powered by phpBB® Forum Software © phpBB Group