[thirdparty/openvpn.git] / README.ec

Since 2.4.0, OpenVPN has official support for elliptic curve crypto. Elliptic
curves are an alternative to RSA for asymmetric encryption.

Elliptic curve crypto ('ECC') can be used for the ('TLS') control channel only
in OpenVPN; the data channel (encrypting the actual network traffic) uses
symmetric encryption. ECC can be used in TLS for authentication (ECDSA) and key
exchange (ECDH).

Key exchange (ECDH)
-------------------
OpenVPN 2.4.0 and newer automatically initialize ECDH parameters. When ECDSA is
used for authentication, the curve used for the server certificate will be used
for ECDH too. When autodetection fails (e.g. when using RSA certificates)
OpenVPN lets the crypto library decide if possible, or falls back to the
secp384r1 curve. The list of groups/curves that the crypto library will choose
from can be set with the --tls-groups <grouplist> option.

An administrator can force an OpenVPN/OpenSSL server to use a specific curve
using the --ecdh-curve <curvename> option with one of the curves listed as
available by the --show-groups option. Clients will use the same curve as
selected by the server.

Note that not all curves listed by --show-groups are available for use with TLS;
in that case connecting will fail with a 'no shared cipher' TLS error.

Authentication (ECDSA)
----------------------
Since OpenVPN 2.4.0, using ECDSA certificates works 'out of the box'. Which
specific curves and cipher suites are available depends on your version and
configuration of the crypto library. The crypto library will automatically
select a cipher suite for the TLS control channel.

Support for generating an ECDSA certificate chain is available in EasyRSA (in
spite of it's name) since EasyRSA 3.0. The parameters you're looking for are
'--use-algo=ec' and '--curve=<curve_name>'. See the EasyRSA documentation for
more details on generating ECDSA certificates.
Commit	Line	Data
609e8131 SK	1	Since 2.4.0, OpenVPN has official support for elliptic curve crypto. Elliptic
	2	curves are an alternative to RSA for asymmetric encryption.
	3
	4	Elliptic curve crypto ('ECC') can be used for the ('TLS') control channel only
	5	in OpenVPN; the data channel (encrypting the actual network traffic) uses
	6	symmetric encryption. ECC can be used in TLS for authentication (ECDSA) and key
	7	exchange (ECDH).
	8
	9	Key exchange (ECDH)
	10	-------------------
	11	OpenVPN 2.4.0 and newer automatically initialize ECDH parameters. When ECDSA is
	12	used for authentication, the curve used for the server certificate will be used
	13	for ECDH too. When autodetection fails (e.g. when using RSA certificates)
	14	OpenVPN lets the crypto library decide if possible, or falls back to the
8353ae80 AS	15	secp384r1 curve. The list of groups/curves that the crypto library will choose
8353ae80 AS	16	from can be set with the --tls-groups <grouplist> option.
609e8131 SK	17
	18	An administrator can force an OpenVPN/OpenSSL server to use a specific curve
	19	using the --ecdh-curve <curvename> option with one of the curves listed as
8353ae80	20	available by the --show-groups option. Clients will use the same curve as
609e8131 SK	21	selected by the server.
609e8131 SK	22
8353ae80	23	Note that not all curves listed by --show-groups are available for use with TLS;
609e8131 SK	24	in that case connecting will fail with a 'no shared cipher' TLS error.
	25
	26	Authentication (ECDSA)
	27	----------------------
	28	Since OpenVPN 2.4.0, using ECDSA certificates works 'out of the box'. Which
	29	specific curves and cipher suites are available depends on your version and
	30	configuration of the crypto library. The crypto library will automatically
	31	select a cipher suite for the TLS control channel.
	32
	33	Support for generating an ECDSA certificate chain is available in EasyRSA (in
	34	spite of it's name) since EasyRSA 3.0. The parameters you're looking for are
	35	'--use-algo=ec' and '--curve=<curve_name>'. See the EasyRSA documentation for
	36	more details on generating ECDSA certificates.