bubbba 3 Posted ... I recently was reading about SSL and Forward Secrecy. With the latest information about the NSA grabbing data streams I was sure glad that I already had a VPN in place. Security is very important and I read quite a bit to be sure I am using whatever technologies are available to end users like myself. I noticed that the AirVPN website uses ECDHE_RSA for the key exchange which is GREAT news. Unfortunately most of the sites I visit do not. My questions are: 1.) Do you have OpenVPN configured to use Forward Secrecy? And, if so, do I need to do anything on my end to enable it? 2.) If OpenVPN is using ECDHE_RSA would that protect my data on all SSL sites I connect to through the VPN? So happy I chose AirVPN over any of the others. Regards, Bubbba Quote Share this post Link to post
Staff 9973 Posted ... Hello! 1.) Yes. You don't need to do anything on your side. 2.) Any https site will see your connection as coming from an Air VPN server exit-IP address. OpenVPN adds a further layer of encryption (on top of the the web site encryption) from your node to the VPN server you're connected to, which is important if you wish to prevent your ISP from knowing which https sites you access and have some other beneficial side effects, such preventing SSL/TLS BEAST-like attacks. Kind regards Quote Share this post Link to post