[Ach] SWEET32/CVE-2016-2183

akendo at akendo.eu akendo at akendo.eu
Thu Aug 25 01:30:37 CEST 2016

A good info on the topic as an additional source.

On August 24, 2016 9:48:46 PM GMT+02:00, "René Pfeiffer" <lynx at luchs.at> wrote:
>On Aug 24, 2016 at 2119 +0200, Akendo appeared and said:
>> The openvpn configuration includes a keepalive parameter with
>> values: 10 120
>> you think this is sufficient? Whereby I'm uncertain about the
>> in OpenVPN in regards to your statement.
>OpenVPN uses the keepalive parameter to determin if the remote end is
>reachable. It is usually used to tune OpenVPN tunnels to lossy or high
>latency network links. This means that it is different from Apache's
>In order to protect your OpenVPN setup I suggest using the ciphers
>discussed in the Bettyrcrypto guide (AES is a good choice). Furthermore
>- using the shared key created by "openvpn --genkey --secret" to lock
>  scans,
>- using X.509 keys and certificates with a private CA (the only option
>  which can take advantage of perfect forward secrecy).
>)\._.,--....,'``.  fL  Let GNU/Linux work for you while you take a nap.
>/,   _.. \   _\  (`._ ,. R. Pfeiffer <lynx at luchs.at> +
>`._.-(,_..'--(,_..'`-.;.'  - System administration + Consulting +
>Teaching -
>Got mail delivery problems? 
>Warning: Do _NOT_ send emails with HTML content to my address! No
>Ach mailing list
>Ach at lists.cert.at

Sent from my Android device with K-9 Mail. Please excuse my brevity.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cert.at/pipermail/ach/attachments/20160825/0bc28a48/attachment-0001.html>

More information about the Ach mailing list