mirror of
https://github.com/namibia/openvpn-install.git
synced 2024-11-11 07:20:55 +00:00
secp256r1 -> prime256v1
parent
8e1cf382c3
commit
70ebe5620d
@ -176,10 +176,10 @@ OpenVPN 2.4 added support for ECDSA. Elliptic curve cryptography is faster, ligh
|
|||||||
|
|
||||||
This script provides:
|
This script provides:
|
||||||
|
|
||||||
- ECDSA: `secp256r1`/`secp384r1`/`secp521r1` curves
|
- ECDSA: `prime256v1`/`secp384r1`/`secp521r1` curves
|
||||||
- RSA: `2048`/`3072`/`4096` bits keys
|
- RSA: `2048`/`3072`/`4096` bits keys
|
||||||
|
|
||||||
It defaults to ECDSA with `secp256r1`.
|
It defaults to ECDSA with `prime256v1`.
|
||||||
|
|
||||||
OpenVPN uses `SHA-256` as the signature hash by default, and so does the script. It provides no other choice as of now.
|
OpenVPN uses `SHA-256` as the signature hash by default, and so does the script. It provides no other choice as of now.
|
||||||
|
|
||||||
@ -241,10 +241,10 @@ Also, generating a classic DH keys can take a long, looong time. ECDH keys are e
|
|||||||
|
|
||||||
The script provides the following options:
|
The script provides the following options:
|
||||||
|
|
||||||
- ECDH: `secp256r1`/`secp384r1`/`secp521r1` curves
|
- ECDH: `prime256v1`/`secp384r1`/`secp521r1` curves
|
||||||
- DH: `2048`/`3072`/`4096` bits keys
|
- DH: `2048`/`3072`/`4096` bits keys
|
||||||
|
|
||||||
It defaults to `secp256r1`.
|
It defaults to `prime256v1`.
|
||||||
|
|
||||||
### HMAC digest algorithm
|
### HMAC digest algorithm
|
||||||
|
|
||||||
|
@ -312,10 +312,10 @@ function installQuestions () {
|
|||||||
# Use default, sane and fast paramters
|
# Use default, sane and fast paramters
|
||||||
CIPHER="AES-128-GCM"
|
CIPHER="AES-128-GCM"
|
||||||
CERT_TYPE="1" # ECDSA
|
CERT_TYPE="1" # ECDSA
|
||||||
CERT_CURVE="secp256r1"
|
CERT_CURVE="prime256v1"
|
||||||
CC_CIPHER="TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256"
|
CC_CIPHER="TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256"
|
||||||
DH_TYPE="1" # ECDH
|
DH_TYPE="1" # ECDH
|
||||||
DH_CURVE="secp256r1"
|
DH_CURVE="prime256v1"
|
||||||
HMAC_ALG="SHA256"
|
HMAC_ALG="SHA256"
|
||||||
TLS_SIG="1" # tls-crypt
|
TLS_SIG="1" # tls-crypt
|
||||||
else
|
else
|
||||||
@ -361,7 +361,7 @@ function installQuestions () {
|
|||||||
1)
|
1)
|
||||||
echo ""
|
echo ""
|
||||||
echo "Choose which curve you want to use for the certificate's key:"
|
echo "Choose which curve you want to use for the certificate's key:"
|
||||||
echo " 1) secp256r1 (recommended)"
|
echo " 1) prime256v1 (recommended)"
|
||||||
echo " 2) secp384r1"
|
echo " 2) secp384r1"
|
||||||
echo " 3) secp521r1"
|
echo " 3) secp521r1"
|
||||||
until [[ $CERT_CURVE_CHOICE =~ ^[1-3]$ ]]; do
|
until [[ $CERT_CURVE_CHOICE =~ ^[1-3]$ ]]; do
|
||||||
@ -369,7 +369,7 @@ function installQuestions () {
|
|||||||
done
|
done
|
||||||
case $CERT_CURVE_CHOICE in
|
case $CERT_CURVE_CHOICE in
|
||||||
1)
|
1)
|
||||||
CERT_CURVE="secp256r1"
|
CERT_CURVE="prime256v1"
|
||||||
;;
|
;;
|
||||||
2)
|
2)
|
||||||
CERT_CURVE="secp384r1"
|
CERT_CURVE="secp384r1"
|
||||||
@ -446,7 +446,7 @@ function installQuestions () {
|
|||||||
1)
|
1)
|
||||||
echo ""
|
echo ""
|
||||||
echo "Choose which curve you want to use for the ECDH key"
|
echo "Choose which curve you want to use for the ECDH key"
|
||||||
echo " 1) secp256r1 (recommended)"
|
echo " 1) prime256v1 (recommended)"
|
||||||
echo " 2) secp384r1"
|
echo " 2) secp384r1"
|
||||||
echo " 3) secp521r1"
|
echo " 3) secp521r1"
|
||||||
while [[ $DH_CURVE_CHOICE != "1" && $DH_CURVE_CHOICE != "2" && $DH_CURVE_CHOICE != "3" ]]; do
|
while [[ $DH_CURVE_CHOICE != "1" && $DH_CURVE_CHOICE != "2" && $DH_CURVE_CHOICE != "3" ]]; do
|
||||||
@ -454,7 +454,7 @@ function installQuestions () {
|
|||||||
done
|
done
|
||||||
case $DH_CURVE_CHOICE in
|
case $DH_CURVE_CHOICE in
|
||||||
1)
|
1)
|
||||||
DH_CURVE="secp256r1"
|
DH_CURVE="prime256v1"
|
||||||
;;
|
;;
|
||||||
2)
|
2)
|
||||||
DH_CURVE="secp384r1"
|
DH_CURVE="secp384r1"
|
||||||
|
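Review bot: Nothing in these hunks checks that the installed OpenSSL recognises the selected curve name, and the name is still a bare literal repeated at every site (the fast-path defaults `CERT_CURVE="prime256v1"` / `DH_CURVE="prime256v1"`, both menu strings, and both `case` arms). `prime256v1` is OpenSSL's name for the same curve as secp256r1 (NIST P-256), so strength is unchanged, but an unlisted name would presumably only surface later as a key-generation or server-start failure. Where `openssl` is already available at that point, a guard such as `openssl ecparam -name "$CERT_CURVE" -noout >/dev/null 2>&1 || { echo "Curve $CERT_CURVE is not supported by this OpenSSL" >&2; exit 1; }` (and the same for `$DH_CURVE`) would fail early and visibly. The two prompts also validate input differently, `until [[ $CERT_CURVE_CHOICE =~ ^[1-3]$ ]]` versus the three-way `!=` chain for `DH_CURVE_CHOICE`; using the regex form in both would keep them in step. installQuestions begins and ends outside these hunks, and how the two variables are consumed is not visible here.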