public inbox for development@lists.ipfire.org
From: Michael Tremer <michael.tremer@ipfire.org>
To: development@lists.ipfire.org
Subject: Re: [PATCH] OpenVPN: Fix for '--ns-cert-type server is deprecated' .
Date: Mon, 16 Oct 2017 20:40:31 +0100
Message-ID: <1508182831.19915.38.camel@ipfire.org>
In-Reply-To: <2545D503-4A23-4A6D-9996-6C3704B65228@ipfire.org>

Hi,

I generally like the idea. However, I am not sure if anyone will know how to use
this. Do all OSes support 12k RSA keys? Or should we rather not make this
decision for our users and pick the best that works for everyone?

-Michael

On Fri, 2017-10-13 at 16:41 +0200, ummeegge wrote:
> Hi Michael,
> thank you too for merging. 
> I have thought about also introducing with this patch a choice (flip menus) for
> ROOT and HOST CA key lengths if a new PKI is generated. To use the new
> --remote-cert-tls there is a need to generate a new PKI anyway, so it might
> possibly be nice to then also have the possibility to select the key lengths of
> IPFire's certificates?
> A possible solution can look like this -->
> https://forum.ipfire.org/viewtopic.php?f=50&t=18852&start=15#p108795
> so the ROOT CA is provided with 4096, 6144, 8192, 12288 and the HOST CA with
> 2048, 4096, 6144, 8192, 12288 bits.
> I did some testing with that, whereby 12288 is the maximum; I also made tests
> with 16384, but this was too much for generating and also for usage.
> 
> As an extended idea.
> 
> Greetings,
> 
> Erik
> 
> > Thank you very much. Merged.
> > 
> > On Fri, 2017-10-06 at 15:19 +0200, ummeegge wrote:
> > > Hi all,
> > > reference and tests can be found here -->
> > > https://forum.ipfire.org/viewtopic.php?f=50&t=18852 .
> > > 
> > > Greetings,
> > > 
> > > Erik
> 
> 
