
Hi all,

If someone could help me please,

How does the OpenVPN client generate the RSA keys it uses for the initial handshake when logging on and then for the encryption of traffic?

Does OpenVPN generate its own keys (and if so, according to what rules), or does it 'buy in' a key or key template from the company of the name RSA, or where do these keys come from?





The RSA keys are generated with OpenSSL. The TLS keys are exchanged via Diffie-Hellman (DHE, Diffie-Hellman Merkle key Exchange in TLS ephemeral mode to provide Perfect Forward Secrecy, see http://en.wikipedia.org/wiki/Diffie-Hellman_key_exchange about previous question on MITM and how to exchange a shared secret key over an insecure channel). Additionally, re-keying occurs every 60 minutes by default (in addition to each new connection of course).


Kind regards
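
The split described in the answer above, as an added illustration that is not part of the original post and is not OpenSSL or OpenVPN code: an RSA key pair is built locally from random primes, and it only authenticates an ephemeral Diffie-Hellman exchange whose fresh secrets produce the session key. The group `P, G`, the function names, and the unpadded "textbook" RSA signature are simplifying assumptions; real TLS uses standardized large groups and padded signatures.

```python
import hashlib
import secrets

E = 65537                      # common RSA public exponent
P, G = 2**127 - 1, 3           # constructed toy DH group, far too small for real use

def is_probable_prime(n, rounds=40):
    """Miller-Rabin test, a standard way to check candidate primes."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def random_prime(bits):
    while True:  # random odd candidate with the top bit set, from the OS CSPRNG
        c = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(c):
            return c

def rsa_keygen(bits=1024):
    """Return ((n, e), (n, d)); built only from local randomness and arithmetic."""
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % E:          # E is prime, so this means gcd(E, phi) == 1
            return (p * q, E), (p * q, pow(E, -1, phi))

def digest_int(msg):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big")

def rsa_sign(priv, msg):               # textbook RSA, no padding (real TLS pads)
    return pow(digest_int(msg), priv[1], priv[0])

def rsa_verify(pub, msg, sig):
    return pow(sig, pub[1], pub[0]) == digest_int(msg)

def dhe_session(server_pub, server_priv):
    """One handshake: fresh DH secrets per session, RSA only signs the server share."""
    s_x, c_x = (secrets.randbelow(P - 3) + 2 for _ in range(2))
    s_share, c_share = pow(G, s_x, P), pow(G, c_x, P)
    sig = rsa_sign(server_priv, str(s_share).encode())
    if not rsa_verify(server_pub, str(s_share).encode(), sig):
        raise ValueError("server DH share failed authentication")
    kdf = lambda z: hashlib.sha256(str(z).encode()).digest()
    return kdf(pow(s_share, c_x, P)), kdf(pow(c_share, s_x, P))  # client, server
```

Because the DH secrets are discarded after each session, a later leak of the RSA private key does not reveal earlier session keys, which is the forward secrecy property the answer mentions.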



Thank you very much,

That's good news then, for as far as I can see the RSA keys are generated using open source code and do not have anything to do with the company RSA, whose integrity, for me at least, has been compromised by the Edward Snowden revelations.

Thanks again.
