sh4rp87

Using TLS 1.3 and OpenVPN 2.4.7 new features on Eddie / Win10


I'm using Eddie on Windows 10, running OpenVPN 2.4.7 (released 21 Feb. 2019) that I set up as an external openvpn.exe.
Which directives can I enable to use TLS 1.3? Are there also other useful directives we can use on the new OpenVPN to further increase security (for example --tls-crypt)?
Do the AirVPN servers support these new features?

A call out to the experts, and sorry in advance if this has been discussed already.


Not all clients support it; only in OpenVPN 2.4.7 was there official support for this from the OpenVPN side,
but OpenSSL still needs to be either recompiled and relinked against it or pulled from unstable repos.

Definitely in the roadmap but technically, the benefits of TLS 1.3 are not so significant for OpenVPN usage.
Faster handshakes and 0RTT are almost irrelevant since it's only done once and the rest are in the background
while it is running, so won't be visible for the user unlike fast loading web pages. As for security, it does disable old
ciphers but they were never used in AirVPN anyway.
Handshake messages after ServerHello are already encrypted with --tls-crypt on clients > 2.4.
Compression, custom DHE groups, and DSA are not relevant in OpenVPN as well.
Probably before the end of the year it will become a new standard, not because it is better, but because
it will be well implemented by more clients and servers and there won't be a reason not to default to it.
Same thing regarding web servers, the current slow rollup plan for TLS 1.3 on the web is Q4 2019,
according to many webmaster forums' unofficial statistics.


Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.
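
An added example, not part of either post: a small Python check that reads an OpenVPN client log and reports the linked OpenSSL version (TLS 1.3 needs OpenSSL 1.1.1 or later), the negotiated control-channel TLS version, and whether `--tls-crypt` is active. The log wording is assumed to be what OpenVPN 2.4 prints at default verbosity, and the sample log is constructed.

```python
import re

# Constructed sample of an OpenVPN 2.4 client log (not taken from the thread).
SAMPLE_LOG = """\
Tue Mar  5 10:00:00 2019 OpenVPN 2.4.7 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Feb 21 2019
Tue Mar  5 10:00:00 2019 library versions: OpenSSL 1.1.0j  20 Nov 2018, LZO 2.10
Tue Mar  5 10:00:01 2019 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Tue Mar  5 10:00:02 2019 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
"""

# Assumed log-line formats (OpenVPN 2.4, default verbosity).
LIB_RE = re.compile(r"library versions: OpenSSL (\d+)\.(\d+)\.(\d+)")
TLS_RE = re.compile(r"Control Channel: (TLSv[\d.]+), cipher \S+ ([\w-]+)")
# This line is only logged when --tls-crypt wraps the control channel.
CRYPT_RE = re.compile(r"Control Channel Encryption: Cipher '")


def audit_log(text):
    """Summarise the control-channel properties visible in an OpenVPN log."""
    report = {"openssl": None, "tls13_capable": False,
              "negotiated": None, "cipher": None, "tls_crypt": False}
    for line in text.splitlines():
        m = LIB_RE.search(line)
        if m:
            version = tuple(int(x) for x in m.groups())
            report["openssl"] = version
            # TLS 1.3 first shipped in OpenSSL 1.1.1.
            report["tls13_capable"] = version >= (1, 1, 1)
        m = TLS_RE.search(line)
        if m:
            report["negotiated"], report["cipher"] = m.groups()
        if CRYPT_RE.search(line):
            report["tls_crypt"] = True
    return report


if __name__ == "__main__":
    for key, value in audit_log(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

A `tls13_capable` of `False` means the binary cannot negotiate TLS 1.3 regardless of what the server offers, which is the relinking point made in the reply above.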

