mirror of
https://github.com/namibia/openvpn-install.git
synced 2024-12-23 07:18:54 +00:00
Add new features
This commit is contained in:
parent
98c5a75d6b
commit
21beaa6f8c
@ -8,7 +8,10 @@ This fork includes :
|
||||
- No logs
|
||||
- No comp-lzo [compression is a vector for oracle attacks, e.g. CRIME or BREACH](https://github.com/BetterCrypto/Applied-Crypto-Hardening/pull/91#issuecomment-75388575)
|
||||
- Better encryption (see below)
|
||||
- Avoid DNS leak
|
||||
- UFW support
|
||||
- TLS 1.2 only
|
||||
- Strong ciphers, DH keys and certificates. (see variants)
|
||||
- AES-256-CBC and SHA-512 for HMAC (instead of BF-128-CBC and SHA1)
|
||||
- Run server in unprivileged mode, reducing risks to the system
|
||||
- TLS-auth to help [thwart DoS attacks](https://openvpn.net/index.php/open-source/documentation/howto.html#security) and provide a 2nd line of defense to the TLS channel.
|
||||
|
Loading…
Reference in New Issue
Block a user