Discussion:
[Openvpn-users] Elliptic Curve, strongest cipher? (and how about iOS app?)
Kevin Long
2016-12-13 01:57:55 UTC
Permalink
Greetings,


I have a requirement to set up an OpenVPN server that serves clients, including the *iOS* OpenVPN app which I understand is quite different from the open source.

The requirement is that I use the absolute strongest encryption ciphers, regardless of VPN performance.

If I am not mistaken, Elliptic Curve is much preferred these days, and I believe support for ciphers which utilize EC was added into the 2.4 branch of OpenVPN open source.


So to get this functionality I believe I would need to compile a release candidate from source?


But how about the iOS app, does it support EC ciphers, will it ever?


Thanks much,

- Kevin
Samuli Seppänen
2016-12-13 08:13:28 UTC
Permalink
Post by Kevin Long
Greetings,
I have a requirement to set up an OpenVPN server that serves clients, including the *iOS* OpenVPN app which I understand is quite different from the open source.
The requirement is that I use the absolute strongest encryption ciphers, regardless of VPN performance.
If I am not mistaken, Elliptic Curve is much preferred these days, and I believe support for ciphers which utilize EC was added into the 2.4 branch of OpenVPN open source.
So to get this functionality I believe I would need to compile a release candidate from source?
But how about the iOS app, does it support EC ciphers, will it ever?
The iOS app is based on OpenVPN 3:

<https://github.com/OpenVPN/openvpn3>

I believe OpenVPN 3 supports elliptic curve crypto just like OpenVPN
2.4, but I could be mistaken.
--
Samuli Seppänen
Community Manager
OpenVPN Technologies, Inc

irc freenode net: mattock
Илья Шипицин
2016-12-13 13:47:21 UTC
Permalink
iOS app is linked against custom polarssl build (probably, mbedtls now).
DSA certs did not work for us, while polarssl in general does support dsa,
but iOS build does not.

it might be idea to setup openvpn with EC and give it a try.
Post by Kevin Long
Greetings,
I have a requirement to set up an OpenVPN server that serves clients,
including the *iOS* OpenVPN app which I understand is quite different from
the open source.
The requirement is that I use the absolute strongest encryption ciphers,
regardless of VPN performance.
If I am not mistaken, Elliptic Curve is much preferred these days, and I
believe support for ciphers which utilize EC was added into the 2.4 branch
of OpenVPN open source.
So to get this functionality I believe I would need to compile a release
candidate from source?
But how about the iOS app, does it support EC ciphers, will it ever?
Thanks much,
- Kevin
------------------------------------------------------------
------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Openvpn-users mailing list
https://lists.sourceforge.net/lists/listinfo/openvpn-users
Loading...