From mboxrd@z Thu Jan 1 00:00:00 1970
From: Michael Tremer
To: development@lists.ipfire.org
Subject: Re: [PATCH] OpenVPN: Fix for '--ns-cert-type server is deprecated' .
Date: Mon, 16 Oct 2017 20:40:31 +0100
Message-ID: <1508182831.19915.38.camel@ipfire.org>
In-Reply-To: <2545D503-4A23-4A6D-9996-6C3704B65228@ipfire.org>

Hi,

I generally like the idea. However, I am not sure if anyone will know how to
use this.

Do all OSes support 12k RSA keys? Or should we rather not make this decision
for our users and pick the best that works for everyone?

-Michael

On Fri, 2017-10-13 at 16:41 +0200, ummeegge wrote:
> Hi Michael,
> thank you too for merging.
> I have thought about introducing with this patch also a choice (flip menus)
> for ROOT and HOST CA key lengths if a new PKI is generated. To use the new
> --remote-cert-tls there is anyway the need to generate a new PKI, so it might
> possibly be nice to then also have a possibility to select key lengths of
> IPFire's certificates?
> A possible solution can look like this -->
> https://forum.ipfire.org/viewtopic.php?f=50&t=18852&start=15#p108795
> so the ROOT CA is provided with 4096, 6144, 8192, 12288 and the HOST CA
> with 2048, 4096, 6144, 8192, 12288 bits.
> Did some testing with that, whereby 12288 is the maximum; also made tests
> with 16384, but this was too much for generating but also for usage.
>
> As an extended idea.
>
> Greetings,
>
> Erik
>
> > Thank you very much. Merged.
> >
> > On Fri, 2017-10-06 at 15:19 +0200, ummeegge wrote:
> > > Hi all,
> > > reference and testing can be found here -->
> > > https://forum.ipfire.org/viewtopic.php?f=50&t=18852 .
> > >
> > > Greetings,
> > >
> > > Erik