jabajools

ANSWERED tls_process: killed expiring key


Morning all,

One of my clients keeps spamming the 'tls_process: killed expiring key' msg every hour, is this something I should be worried about?

Regards,

 


Hello!

It's the Data Channel key re-negotiation over the Control Channel via Diffie-Hellman Exchange. See also Perfect Forward Secrecy: https://en.wikipedia.org/wiki/Forward_secrecy

You can lower the re-negotiation time on your client side with directive reneg-sec n, where n is in seconds, but you can't increase it and you can't disable forward secrecy (anyway you don't want to disable it).

OpenVPN re-negotiates the Data Channel key by using overlapping time windows. During the negotiation, the previous key is used for any packet flow, so you will not notice any communication breakdown. When the message "killed expiring key" appears, it means that the negotiation completed successfully and the previous key is not used anymore.

AirVPN uses unique DH keys. Each VPN server has a different and unique key. DH key size is 4096 bits.

Kind regards
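
One way to confirm from a client log that the renegotiation described in the answer above keeps completing on schedule (an added example, not part of the original posts). The log text is constructed, and the timestamp layout, the 3600-second interval (matching the hourly messages in the question) and the function names are assumptions.

```python
import re
from datetime import datetime

# Constructed sample log, not taken from the thread. Assumes each line starts
# with a "YYYY-MM-DD HH:MM:SS" timestamp; adjust TS for other log formats.
SAMPLE_LOG = """\
2024-03-01 08:00:05 Initialization Sequence Completed
2024-03-01 09:00:07 TLS: tls_process: killed expiring key
2024-03-01 10:00:06 TLS: tls_process: killed expiring key
2024-03-01 12:30:10 TLS: tls_process: killed expiring key
"""

KILLED = "tls_process: killed expiring key"
TS = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) ")


def rekey_times(log_text):
    """Timestamps at which an old data channel key was retired."""
    times = []
    for line in log_text.splitlines():
        m = TS.match(line)
        if m and KILLED in line:
            times.append(datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"))
    return times


def rekey_gaps(times, reneg_sec=3600, slack=0.1):
    """Return (previous, current, seconds) for consecutive key retirements
    spaced further apart than reneg_sec plus a tolerance.

    reneg_sec=3600 is an assumption (one rekey per hour, as in the question);
    slack absorbs the overlap window between the old and the new key.
    """
    limit = reneg_sec * (1 + slack)
    gaps = []
    for prev, cur in zip(times, times[1:]):
        delta = (cur - prev).total_seconds()
        if delta > limit:
            gaps.append((prev, cur, int(delta)))
    return gaps


if __name__ == "__main__":
    for prev, cur, secs in rekey_gaps(rekey_times(SAMPLE_LOG)):
        print(f"no completed rekey logged between {prev} and {cur} ({secs}s)")
```

A reported gap only means that no completed renegotiation was logged in that period; check the surrounding log lines for a disconnect or a restart before drawing conclusions.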
 

