1
1
mirror of https://github.com/namibia/openvpn-install.git synced 2024-11-18 02:05:12 +00:00

Use SHA-256 instead of SHA-384

Following 693bd13fa7
This commit is contained in:
Angristan 2016-12-11 12:11:11 +01:00 committed by GitHub
parent 693bd13fa7
commit 316ecfe7f4

View File

@ -400,7 +400,6 @@ WantedBy=multi-user.target" > /etc/systemd/system/rc-local.service
rm -rf ~/EasyRSA-3.0.1.tgz
cd /etc/openvpn/easy-rsa/
echo "set_var EASYRSA_KEY_SIZE $RSA_KEY_SIZE" > vars
echo 'set_var EASYRSA_DIGEST "sha384"' >> vars
# Create the PKI, set up the CA, the DH params and the server + client certificates
./easyrsa init-pki
./easyrsa --batch build-ca nopass
@ -463,11 +462,11 @@ cert server.crt
key server.key
tls-auth tls-auth.key 0
dh dh.pem
auth SHA384
auth SHA256
$CIPHER
tls-server
tls-version-min 1.2
tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
tls-cipher TLS-DHE-RSA-WITH-AES-128-GCM-SHA256
status openvpn.log
verb 3" >> /etc/openvpn/server.conf
@ -580,11 +579,11 @@ nobind
persist-key
persist-tun
remote-cert-tls server
auth SHA384
auth SHA256
$CIPHER
tls-client
tls-version-min 1.2
tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
tls-cipher TLS-DHE-RSA-WITH-AES-128-GCM-SHA256
setenv opt block-outside-dns
verb 3" >> /etc/openvpn/client-template.txt