Hi Everyone,
I have a question regarding PFS (Perfect Forward Secrecy). I use the generic OpenVPN GUI for my VPN provider and would like the PFS keys to be re-keyed every 30 mins. When I use the unmodified .ovpn file from my provider, the message I see in the log at 60 mins is "TLS: soft reset", and at 120, 180, 240, 300 mins etc. "TLS: tls_process: killed expiring key".
When I modify the .ovpn file's 'reneg-sec 0' to 'reneg-sec 1800', I see at 30, 60, 90, 120 mins etc. the message "TLS: soft reset..." but never the message "TLS: tls_process: killed expiring key". So what is the difference between the 2? Somehow the "TLS: tls_process: killed expiring key" seems more reassuring?! So is "TLS: soft reset" the same as "TLS: tls_process: killed expiring key"?!
Thanks
question regarding PFS(Perfect Forward Secrecy)
Moderators: TinCanTech
- OpenVpn Newbie
- Posts: 2
- Joined: Sun Aug 21, 2016 8:30 pm
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: question regarding PFS(Perfect Forward Secrecy)
See --reneg-sec in The Manual v23x
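
An added example, not part of either post and not OpenVPN project code: one way to check from a client log whether rekeying actually happens at the configured `reneg-sec` interval, by measuring the gaps between the two messages quoted in the question. The log lines are constructed, the timestamp prefix is assumed to be OpenVPN's default layout, and the function names and the 60-second slack are hypothetical choices.

```python
import re
from datetime import datetime

# Constructed sample client log (not taken from the thread). Assumes OpenVPN's
# default timestamp prefix; the two message strings are the ones quoted above.
SAMPLE_LOG = """\
Sun Aug 21 20:30:00 2016 Initialization Sequence Completed
Sun Aug 21 21:00:02 2016 TLS: soft reset
Sun Aug 21 21:30:03 2016 TLS: soft reset
Sun Aug 21 22:00:05 2016 TLS: soft reset
Sun Aug 21 23:00:06 2016 TLS: soft reset
Sun Aug 21 23:00:06 2016 TLS: tls_process: killed expiring key
"""

SOFT_RESET = "TLS: soft reset"
KEY_KILLED = "TLS: tls_process: killed expiring key"

# Timestamp, then one of the two rekey-related messages (trailing fields ignored).
LINE = re.compile(
    r"^(\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) "
    + "(" + re.escape(SOFT_RESET) + "|" + re.escape(KEY_KILLED) + ")"
)

def parse_events(log_text):
    """Return [(timestamp, message)] for the two rekey-related messages."""
    events = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
            events.append((ts, m.group(2)))
    return events

def gaps(events, message):
    """Seconds between consecutive occurrences of one message."""
    times = [ts for ts, msg in events if msg == message]
    return [int((b - a).total_seconds()) for a, b in zip(times, times[1:])]

def late_rekeys(log_text, reneg_sec, slack=60):
    """Soft-reset gaps that exceed reneg_sec by more than `slack` seconds."""
    soft = gaps(parse_events(log_text), SOFT_RESET)
    return [g for g in soft if g > reneg_sec + slack]

if __name__ == "__main__":
    print("soft reset gaps (s):", gaps(parse_events(SAMPLE_LOG), SOFT_RESET))
    print("late for reneg-sec 1800:", late_rekeys(SAMPLE_LOG, reneg_sec=1800))
```

A non-empty result from `late_rekeys` means at least one session key stayed in use longer than the configured interval, which is the condition worth alerting on when the goal is a 30-minute rekey.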