
Author Topic: TLS authentication KEY_SIZE=4096  (Read 92 times)


Offline simby

TLS authentication KEY_SIZE=4096
« on: December 04, 2017, 12:41:09 am »
Hi!

How can I create a key size of 4096 (or more)?
« Last Edit: December 04, 2017, 01:20:18 am by simby »

Offline johnpoz

Re: TLS authentication KEY_SIZE=4096
« Reply #1 on: December 04, 2017, 03:57:17 am »
Why would you want to do that? That is just the shared secret. Really no point in that being any higher.

https://community.openvpn.net/openvpn/wiki/Hardening

That is the shared secret key; anything over 2048 is just pointless. This is the key used to sign the TLS packets. It would be better to set your TLS min to 1.2 and enable TLS encryption. Keep in mind that some clients do not support tls-crypt - I do not believe the iOS OpenVPN Connect app has enabled its use yet, etc. But I really don't see how increasing that would matter.


- An intelligent man is sometimes forced to be drunk to spend time with his fools.
- Please don't PM me for personal help
- if you want to say thanks applaud or https://www.freebsdfoundation.org/donate/
1x SG-2440 2.3.4_p1 (work)
1x SG-4860 2.4.2-RELEASE-p1 (home)
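
A small config check for the settings discussed in the reply above, as an added example that is not part of the original thread: it measures the inline static key and flags a TLS minimum below 1.2 or a control channel that uses tls-auth without tls-crypt. The sample config, the dummy key body and the function names `static_key_bits` and `audit` are constructed for illustration.

```python
import re

# Constructed sample config for illustration; the key body is dummy hex, not a real key.
SAMPLE_CONF = """\
dev tun
proto udp
tls-version-min 1.0
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
{key}
-----END OpenVPN Static key V1-----
</tls-auth>
key-direction 0
""".format(key="\n".join(["0123456789abcdef0123456789abcdef"] * 16))


def static_key_bits(conf):
    """Size in bits of the inline OpenVPN static key, or None if absent."""
    m = re.search(r"-----BEGIN OpenVPN Static key V1-----\s+(.*?)\s+-----END",
                  conf, re.S)
    if m is None:
        return None
    return len(bytes.fromhex("".join(m.group(1).split()))) * 8


def audit(conf):
    """Findings for the control-channel settings mentioned in the reply."""
    findings = []
    ver = re.search(r"^\s*tls-version-min\s+(\d+)\.(\d+)", conf, re.M)
    if ver is None or (int(ver.group(1)), int(ver.group(2))) < (1, 2):
        findings.append("tls-version-min is unset or below 1.2")
    has_crypt = re.search(r"^\s*(<tls-crypt>|tls-crypt\s)", conf, re.M)
    has_auth = re.search(r"^\s*(<tls-auth>|tls-auth\s)", conf, re.M)
    if not has_crypt and has_auth:
        findings.append("tls-auth only authenticates control packets; "
                        "tls-crypt also encrypts them")
    elif not has_crypt:
        findings.append("no tls-auth or tls-crypt key configured")
    return findings


if __name__ == "__main__":
    print("static key size:", static_key_bits(SAMPLE_CONF), "bits")
    for finding in audit(SAMPLE_CONF):
        print("finding:", finding)
```

The sample key has the standard static key layout of 16 lines of 32 hex characters, which is the 2048-bit size the reply refers to.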