Hi,
I have two questions about the OpenVPN implementation:
1) Why do I need the Diffie-Hellman parameters when I have a PKI infrastructure? I mean, it should be easy to exchange a secret just by encrypting it with the endpoint's public key.
2) In the Security Overview I've read that the 4 keys in a static key configuration are there to prevent some replay and denial of service attacks. Where can I find documentation explaining these kinds of attacks? Can anyone explain the idea behind these attacks?
Thank you
Just two conceptual questions about OpenVPN
Moderators: TinCanTech
- OpenVpn Newbie
- Posts: 1
- Joined: Sun Nov 06, 2011 3:48 pm
- janjust
- Forum Team
- Posts: 2703
- Joined: Fri Aug 20, 2010 2:57 pm
- Location: Amsterdam
Re: Just two conceptual questions about OpenVPN
@1: this is normal for a TLS setup; web servers also need some sort of Diffie-Hellman key for the initial handshake; read up on public/private key encryption for details (or do 'man dhparam')
@2: the 4 static keys in a static key file can be used to encrypt a connection bi-directionally, i.e. traffic is encrypted from the client to server in a different manner than vice versa; this makes certain types of attacks much harder to do.
As for details on such attacks: Google is your friend.
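To make the second point concrete, here is an added example (not part of the reply above and not OpenVPN's own code) that models the four slots of a 256-byte static key and shows why per-direction HMAC keys let an endpoint reject its own packet when it is echoed back. It is a simplified model covering authentication only; the key bytes, the payload, the use of HMAC-SHA256 over the whole 64-byte slot, and all function names are assumptions made for illustration.

```python
import hashlib
import hmac

KEY_LEN = 64                      # four 64-byte slots make up the 256-byte static key
STATIC_KEY = bytes(range(256))    # constructed sample material, not a real key

def split_static_key(material: bytes) -> dict:
    """Split static key material into cipher/HMAC slots for each direction."""
    if len(material) != 4 * KEY_LEN:
        raise ValueError("expected 256 bytes of key material")
    s = [material[i:i + KEY_LEN] for i in range(0, len(material), KEY_LEN)]
    return {"cipher0": s[0], "hmac0": s[1], "cipher1": s[2], "hmac1": s[3]}

def hmac_keys(keys: dict, direction):
    """Return (send_key, recv_key) for key-direction 0, 1 or None (not set)."""
    if direction is None:         # no direction: one key used both ways
        return keys["hmac0"], keys["hmac0"]
    if direction == 0:
        return keys["hmac0"], keys["hmac1"]
    if direction == 1:
        return keys["hmac1"], keys["hmac0"]
    raise ValueError("direction must be 0, 1 or None")

def seal(send_key: bytes, payload: bytes) -> bytes:
    """Prepend an HMAC tag computed with the sender's outgoing key."""
    return hmac.new(send_key, payload, hashlib.sha256).digest() + payload

def accept(recv_key: bytes, packet: bytes) -> bool:
    """Verify the tag with the receiver's incoming key (constant-time compare)."""
    tag, payload = packet[:32], packet[32:]
    expected = hmac.new(recv_key, payload, hashlib.sha256).digest()
    return hmac.compare_digest(tag, expected)

def demo(direction_a, direction_b) -> dict:
    """Endpoint A sends one packet; check it at peer B and echoed back at A."""
    keys = split_static_key(STATIC_KEY)
    a_send, a_recv = hmac_keys(keys, direction_a)
    _b_send, b_recv = hmac_keys(keys, direction_b)
    packet = seal(a_send, b"constructed payload")
    return {
        "delivered_to_peer": accept(b_recv, packet),
        "echoed_back_to_sender": accept(a_recv, packet),
    }

if __name__ == "__main__":
    print("directional keys (0/1):", demo(0, 1))
    print("no direction set      :", demo(None, None))
```

With directions 0 and 1 the peer accepts the packet and the sender rejects the echoed copy; with no direction set, both checks pass because the same key authenticates traffic both ways.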