Jump to content
Not connected, Your IP: 18.207.108.182
AirVPN
Dadadadadaa

tls-crypt-v2

By Dadadadadaa, ... in General & Suggestions

Recommended Posts

Dadadadadaa    0

Dadadadadaa
Posted ...

OpenVPN 2.5 introduced tls-crypt-v2, which has client specific tls-crypt keys instead of a pre-shared group key that is in tls-crypt-v1. Compromise of only 1 client or server would leak the key and thus make the tls-crypt layer useless against anyone obtaining the key. For public VPN providers bypassing the tls-crypt layer is even easier, one could just subscribe to the VPN service to get the key, but with the unique keys in v2, that problem is solved.
https://github.com/OpenVPN/openvpn/blob/master/doc/tls-crypt-v2.txt

Will AirVPN implement tls-crypt-v2?

Share this post

Link to post

Staff    8644

Staff
Posted ...
@Dadadadadaa

Hello!

No doubts, it will be even more useful against flood. Anyway nothing changes for the customers under a security point of view, obviously, as the key is needed as TLS pre-auth (so OpenVPN can shut down immediately, before checking client certificate, and mitigate flood) and for TLS mode (so PFS etc. become possible), nothing else.

Kind regards
 

Share this post

Link to post

Dadadadadaa    0

Dadadadadaa
Posted ... (edited)
12 minutes ago, Staff said:
@Dadadadadaa

Hello!

No doubts, it will be even more useful against flood. Anyway nothing changes for the customers under a security point of view, obviously, as the key is needed as TLS pre-auth (so OpenVPN can shut down immediately, before checking client certificate, and mitigate flood) and for TLS mode (so PFS etc. become possible), nothing else.

Kind regards
 
Thanks for your quick reply! I was under the impression that tls-crypt also helps against VPN blocking/censorship because it hides the OpenVPN protocol signature during the TLS handshake. Edited ... by Dadadadadaa

Share this post

Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
  • Security Check
    Play CAPTCHA Audio
    Refresh Image
Go To Topic Listing
×
×
  • Create New...