OPNsense Forum

Archive => 17.7 Legacy Series => Topic started by: Julien on November 27, 2017, 04:02:09 pm

Title: DH Parameters Length question
Post by: Julien on November 27, 2017, 04:02:09 pm
Hi guys,
I am trying to understand the use of DH Parameters Length on the VPN server and Key length (bits) on the certificate.
I see the Key length (bits) on the certificate has 4096 and 8192,
and also the DH Parameters Length 4096 and 2048.
Would using the high number affect the speed of the tunnel? Would it provide a high encryption?

Title: Re: DH Parameters Length question
Post by: xinnan on November 27, 2017, 04:12:25 pm
My understanding is that the DH key length will only impact the initial negotiation and not the average speed.

However, in general AES 128 should be faster than AES 256, and if 512 and 1024 versions were available, those would be progressively slower.

Unless you have lots of people on the server, you should be hurt by using 4096 or greater DH parameters.