docs: paranoid: Describe how to do 4096 RSA keys
* For the paranoid of course. :) * Someday elliptic curve? * Closes #154
This commit is contained in:
parent
379766fc5e
commit
62b6cc3db9
@ -29,4 +29,13 @@ Changing the `tls-cipher` option seems to be more complicated because some clien
|
|||||||
TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
|
TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
|
||||||
TLS Error: TLS handshake failed
|
TLS Error: TLS handshake failed
|
||||||
|
|
||||||
|
## EasyRSA and 4096 bit RSA Keys
|
||||||
|
|
||||||
|
EasyRSA will generate 4096 bit RSA keys when the `-e EASYRSA_KEY_SIZE=4096` argument is added to `ovpn_initpki` and `easyrsa build-client-full` commands.
|
||||||
|
|
||||||
|
docker run -e EASYRSA_KEY_SIZE=4096 -v $OVPN_DATA:/etc/openvpn --rm -it kylemanna/openvpn ovpn_initpki
|
||||||
|
docker run -e EASYRSA_KEY_SIZE=4096 -v $OVPN_DATA:/etc/openvpn --rm -it kylemanna/openvpn easyrsa build-client-full CLIENTNAME nopass
|
||||||
|
|
||||||
|
## Additional Resources
|
||||||
|
|
||||||
Have a look at the [Applied-Crypto-Hardening](https://github.com/BetterCrypto/Applied-Crypto-Hardening/tree/master/src/configuration/VPNs/OpenVPN) project for more examples.
|
Have a look at the [Applied-Crypto-Hardening](https://github.com/BetterCrypto/Applied-Crypto-Hardening/tree/master/src/configuration/VPNs/OpenVPN) project for more examples.
|
||||||
|
Loading…
Reference in New Issue
Block a user