octoleo
/
openvpn-install
mirror of https://github.com/namibia/openvpn-install.git
1
1
Fork 0
Code Issues Releases Activity

secp256r1 -> prime256v1

This commit is contained in:
angristan 2018-09-23 17:06:15 +02:00
parent 8e1cf382c3
commit 70ebe5620d
2 changed files with 10 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
README.md
View File

@ -176,10 +176,10 @@ OpenVPN 2.4 added support for ECDSA. Elliptic curve cryptography is faster, ligh
This script provides: This script provides:
- ECDSA: `secp256r1`/`secp384r1`/`secp521r1` curves - ECDSA: `prime256v1`/`secp384r1`/`secp521r1` curves
- RSA: `2048`/`3072`/`4096` bits keys - RSA: `2048`/`3072`/`4096` bits keys
It defaults to ECDSA with `secp256r1`. It defaults to ECDSA with `prime256v1`.
OpenVPN uses `SHA-256` as the signature hash by default, and so does the script. It provides no other choice as of now. OpenVPN uses `SHA-256` as the signature hash by default, and so does the script. It provides no other choice as of now.
@ -241,10 +241,10 @@ Also, generating a classic DH keys can take a long, looong time. ECDH keys are e
The script provides the following options: The script provides the following options:
- ECDH: `secp256r1`/`secp384r1`/`secp521r1` curves - ECDH: `prime256v1`/`secp384r1`/`secp521r1` curves
- DH: `2048`/`3072`/`4096` bits keys - DH: `2048`/`3072`/`4096` bits keys
It defaults to `secp256r1`. It defaults to `prime256v1`.
### HMAC digest algorithm ### HMAC digest algorithm

12
openvpn-install.sh
View File

@ -312,10 +312,10 @@ function installQuestions () {
# Use default, sane and fast paramters # Use default, sane and fast paramters
CIPHER="AES-128-GCM" CIPHER="AES-128-GCM"
CERT_TYPE="1" # ECDSA CERT_TYPE="1" # ECDSA
CERT_CURVE="secp256r1" CERT_CURVE="prime256v1"
CC_CIPHER="TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256" CC_CIPHER="TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256"
DH_TYPE="1" # ECDH DH_TYPE="1" # ECDH
DH_CURVE="secp256r1" DH_CURVE="prime256v1"
HMAC_ALG="SHA256" HMAC_ALG="SHA256"
TLS_SIG="1" # tls-crypt TLS_SIG="1" # tls-crypt
else else
@ -361,7 +361,7 @@ function installQuestions () {
1) 1)
echo "" echo ""
echo "Choose which curve you want to use for the certificate's key:" echo "Choose which curve you want to use for the certificate's key:"
echo " 1) secp256r1 (recommended)" echo " 1) prime256v1 (recommended)"
echo " 2) secp384r1" echo " 2) secp384r1"
echo " 3) secp521r1" echo " 3) secp521r1"
until [[ $CERT_CURVE_CHOICE =~ ^[1-3]$ ]]; do until [[ $CERT_CURVE_CHOICE =~ ^[1-3]$ ]]; do
@ -369,7 +369,7 @@ function installQuestions () {
done done
case $CERT_CURVE_CHOICE in case $CERT_CURVE_CHOICE in
1) 1)
CERT_CURVE="secp256r1" CERT_CURVE="prime256v1"
;; ;;
2) 2)
CERT_CURVE="secp384r1" CERT_CURVE="secp384r1"
@ -446,7 +446,7 @@ function installQuestions () {
1) 1)
echo "" echo ""
echo "Choose which curve you want to use for the ECDH key" echo "Choose which curve you want to use for the ECDH key"
echo " 1) secp256r1 (recommended)" echo " 1) prime256v1 (recommended)"
echo " 2) secp384r1" echo " 2) secp384r1"
echo " 3) secp521r1" echo " 3) secp521r1"
while [[ $DH_CURVE_CHOICE != "1" && $DH_CURVE_CHOICE != "2" && $DH_CURVE_CHOICE != "3" ]]; do while [[ $DH_CURVE_CHOICE != "1" && $DH_CURVE_CHOICE != "2" && $DH_CURVE_CHOICE != "3" ]]; do
@ -454,7 +454,7 @@ function installQuestions () {
done done
case $DH_CURVE_CHOICE in case $DH_CURVE_CHOICE in
1) 1)
DH_CURVE="secp256r1" DH_CURVE="prime256v1"
;; ;;
2) 2)
DH_CURVE="secp384r1" DH_CURVE="secp384r1"