What are the security parameters for OpenVPN?

The security parameters configured for VyprVPN's OpenVPN 256 connections are as follows:

  • Authentication: SHA256 (also known as SHA2)
  • Control channel: AES-256-GCM cipher, SHA384 HMAC, are the defaults. We can fall back to AES-256-CBC cipher/SHA256 HMAC, or all the way back to AES-256-CBC cipher/SHA1 HMAC, in the case that the client or network has compatibility issues with the default levels of encryption.
  • RSA Encryption: TLS-ECDHE-RSA-2048. The ECDHE means we provide "Elliptic curve Diffie-Hellman" key exchange, which provides Perfect Forward Secrecy.

Note that our OpenVPN 160 configurations, which are meant to provide a lower security protocol option in favor of potentially improved performance or resource usage, utilize Blowfish cipher, which is considered less secure.

Our OpenVPN configuration files are available here. The default parameters in the OpenVPN 256 .OVPN configuration files are:

auth SHA256
cipher AES-256-CBC
tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA

If you need any further assistance, please contact support.

 

Last reviewed/updated June 2019


Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request