Re: [PATCH] OpenVPN: Fix for '--ns-cert-type server is deprecated' .

public inbox for development@lists.ipfire.org
 help / color / mirror / Atom feed

From: ummeegge <ummeegge@ipfire.org>
To: development@lists.ipfire.org
Subject: Re: [PATCH] OpenVPN: Fix for '--ns-cert-type server is deprecated' .
Date: Fri, 13 Oct 2017 16:41:53 +0200	[thread overview]
Message-ID: <2545D503-4A23-4A6D-9996-6C3704B65228@ipfire.org> (raw)
In-Reply-To: <1507719492.4045.68.camel@ipfire.org>

[-- Attachment #1: Type: text/plain, Size: 1036 bytes --]

Hi Michael,
thank you too for merging. 
Have think about to introduce with this patch also a choice (flip menus) for ROOT and HOST CA key lengths if a new PKI is generated. To use the new --remote-cert-tls there is anyways the need to generate a new PKI so it might be possibly nice to have then also a possibility to select keylengths of IPFires certificates ? 
A possible solution can looks like this --> https://forum.ipfire.org/viewtopic.php?f=50&t=18852&start=15#p108795 so the ROOT CA are provided with 4096, 6144, 8192, 12288 and the HOST CA with 2048, 4096, 6144, 8192, 12288 bits . 
Did some testings with that whereby 12288 are the maximum made also tests with 16384 but this was too much for generating but also for usage.

As an extended idea.

Greetings,

Erik

> Thank you very much. Merged.
> 
> On Fri, 2017-10-06 at 15:19 +0200, ummeegge wrote:
>> Hi all,
>> reference and testings can be found in here --> https://forum.ipfire.org/viewt
>> opic.php?f=50&t=18852 .
>> 
>> Greetings,
>> 
>> Erik

next prev parent reply	other threads:[~2017-10-13 14:41 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-10-06 13:14 Erik Kapfer
2017-10-06 13:19 ` ummeegge
2017-10-11 10:58   ` Michael Tremer
2017-10-13 14:41     ` ummeegge [this message]
2017-10-16 19:40       ` Michael Tremer
2017-10-17 15:52         ` ummeegge
2017-10-19 15:37           ` ummeegge

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=2545D503-4A23-4A6D-9996-6C3704B65228@ipfire.org \
    --to=ummeegge@ipfire.org \
    --cc=development@lists.ipfire.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox