[Ach] SWEET32/CVE-2016-2183

akendo at akendo.eu akendo at akendo.eu
Thu Aug 25 01:30:37 CEST 2016


Some good info on the topic as an additional source:
https://blog.cryptographyengineering.com/2016/08/attack-of-week-64-bit-ciphers-in-tls.html

On August 24, 2016 9:48:46 PM GMT+02:00, "René Pfeiffer" <lynx at luchs.at> wrote:
>On Aug 24, 2016 at 2119 +0200, Akendo appeared and said:
>> The openvpn configuration includes a keepalive parameter with the
>> following values: 10 120
>>
>> you think this is sufficient? Whereby I'm uncertain about the function
>> in OpenVPN in regards to your statement.
>
>OpenVPN uses the keepalive parameter to determine if the remote end is
>still reachable. It is usually used to tune OpenVPN tunnels to lossy or
>high latency network links. This means that it is different from Apache's
>implementation.
>
>In order to protect your OpenVPN setup I suggest using the ciphers
>discussed in the Bettercrypto guide (AES is a good choice). Furthermore
>I recommend
>
>- using the shared key created by "openvpn --genkey --secret" to lock
>  out scans,
>- using X.509 keys and certificates with a private CA (the only option
>  which can take advantage of perfect forward secrecy).
>
>Cheers,
>René.
>
>-- 
>)\._.,--....,'``.  fL  Let GNU/Linux work for you while you take a nap.
>/,   _.. \   _\  (`._ ,. R. Pfeiffer <lynx at luchs.at> + http://web.luchs.at/
>`._.-(,_..'--(,_..'`-.;.'  - System administration + Consulting + Teaching -
>Got mail delivery problems? https://web.luchs.at/information/blockedmail.php
>Warning: Do _NOT_ send emails with HTML content to my address! No guarantees!

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.
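
The three recommendations in the quoted reply (an AES cipher, the shared key from `openvpn --genkey --secret`, X.509 with a private CA), as an added example that is not part of the original messages: a Python check over an OpenVPN config. It assumes the shared key is loaded with the `tls-auth` directive and that an unset `cipher` means the BF-CBC default of OpenVPN releases from that period; the sample configs and finding codes are constructed.

```python
import re

# OpenVPN --cipher names with a 64-bit block (the cipher class SWEET32 targets).
SMALL_BLOCK = re.compile(r"^(BF|DES|DESX|CAST5|RC2|IDEA)-", re.I)

def parse(conf_text):
    """Map each directive to its argument lists; inline <x>...</x> blocks count as x."""
    seen, inline = {}, None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if inline:                        # inside <ca>, <tls-auth>, ...: skip key material
            if line == f"</{inline}>":
                inline = None
            continue
        if not line or line.startswith(";"):
            continue
        m = re.fullmatch(r"<([\w-]+)>", line)
        if m:
            inline = m.group(1)
            seen.setdefault(inline, []).append([])
            continue
        name, *args = line.split()
        seen.setdefault(name.lstrip("-"), []).append(args)
    return seen

def audit(conf_text):
    """Return (code, message) findings for the three recommendations in the thread."""
    d, out = parse(conf_text), []
    cipher = next((a[0] for a in reversed(d.get("cipher", [])) if a), None)
    if cipher is None:
        # Assumption: OpenVPN releases of this thread's era fall back to BF-CBC when unset.
        out.append(("cipher-unset", "no cipher directive; set an AES cipher explicitly"))
    elif SMALL_BLOCK.match(cipher):
        out.append(("cipher-64bit", f"{cipher} has a 64-bit block; use AES"))
    if "tls-auth" not in d:
        out.append(("no-tls-auth", "no shared tls-auth key to reject unauthenticated probes"))
    if "secret" in d:
        out.append(("static-key", "static-key mode; use X.509 certificates with a private CA"))
    elif "ca" not in d and "pkcs12" not in d:
        out.append(("no-ca", "no CA configured for TLS mode"))
    return out

# Constructed sample configs (not from the thread).
WEAK = "remote vpn.example.net 1194\nkeepalive 10 120\nsecret static.key\ncipher BF-CBC\n"
GOOD = ("client\nkeepalive 10 120\ncipher AES-256-CBC\ntls-auth ta.key 1\n"
        "<ca>\n-----BEGIN CERTIFICATE-----\n</ca>\ncert c.crt\nkey c.key\n")

if __name__ == "__main__":
    for name, conf in (("weak", WEAK), ("good", GOOD)):
        print(name, audit(conf) or "ok")
```

The `keepalive 10 120` line is present in both samples and produces no finding either way, matching the reply's point that it only tests reachability of the remote end.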