
OpenVPN using SHA1 instead of SHA512

Posted: Fri Dec 25, 2020 5:17 am
by petrocelli1966
Hi All,
I am seeing a strange entry in the logs. I am trying to get OpenVPN going on OmniOS and I am having two difficulties. One is that in the logs I am seeing
"using 160 bit message hash 'SHA1' for hmac authentication". This is strange because in the vars file, I selected EASYRSA_DIGEST "sha512", so I can't figure out why it's still using SHA1. Can anyone help me out please?

Re: OpenVPN using SHA1 instead of SHA512 [SOLVED]

Posted: Fri Dec 25, 2020 6:08 am
by petrocelli1966
Ouch. My bad. Sorry. I just realized I missed "auth SHA512" in the server.conf file.
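
The mix-up resolved above, as an added example that is not part of the original posts: Easy-RSA's `EASYRSA_DIGEST` sets the digest used to sign certificates, while OpenVPN's `auth` directive separately sets the packet HMAC, so the script reads each from its own file. The function names are hypothetical and the file contents are constructed samples.

```shell
#!/bin/sh
# Added example, not from the thread. All file contents below are constructed.

# Print the HMAC digest an OpenVPN config selects with "auth <alg>".
# Falls back to SHA1, the default named in the thread, when no such line exists.
# Comparing the whole first field keeps auth-nocache and similar options out.
openvpn_auth_digest() {
    awk '
        /^[ \t]*[#;]/ { next }                 # skip comment lines
        $1 == "auth" && NF >= 2 { alg = $2 }   # the auth directive itself
        END { print (alg == "" ? "SHA1" : toupper(alg)) }
    ' "$1"
}

# Print the certificate signature digest set in an Easy-RSA vars file.
easyrsa_digest() {
    awk '
        /^[ \t]*#/ { next }
        $1 == "set_var" && $2 == "EASYRSA_DIGEST" { gsub(/"/, "", $3); d = $3 }
        END { print toupper(d) }
    ' "$1"
}

# Demo: same vars file, server.conf before and after adding "auth SHA512".
demo_dir=$(mktemp -d)
cat > "$demo_dir/vars" <<'EOF'
set_var EASYRSA_DIGEST "sha512"
EOF
cat > "$demo_dir/server-before.conf" <<'EOF'
port 1194
auth-nocache
EOF
cat > "$demo_dir/server-after.conf" <<'EOF'
port 1194
auth-nocache
auth SHA512
EOF
for conf in "$demo_dir/server-before.conf" "$demo_dir/server-after.conf"; do
    printf '%s: certificates signed with %s, packet HMAC %s\n' \
        "$(basename "$conf")" "$(easyrsa_digest "$demo_dir/vars")" "$(openvpn_auth_digest "$conf")"
done
rm -rf "$demo_dir"
```
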

Re: OpenVPN using SHA1 instead of SHA512

Posted: Fri Dec 25, 2020 3:50 pm
by TinCanTech
Just so you understand, using SHA512 is wasting CPU cycles on your VPN nodes.

--auth SHA1 (The default) is absolutely all you need as the Auth HMAC.

Re: OpenVPN using SHA1 instead of SHA512

Posted: Thu Dec 31, 2020 8:13 am
by petrocelli1966
Thanks for that reminder. That is true.