OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Archive »
  • 17.7 Legacy Series »
  • DH Parameters Length question
« previous next »
  • Print
Pages: [1]

Author Topic: DH Parameters Length question  (Read 5464 times)

Julien

  • Hero Member
  • *****
  • Posts: 666
  • Karma: 33
    • View Profile
DH Parameters Length question
« on: November 27, 2017, 04:02:09 pm »
Hi guys,
I am trying to understand the user of  DH Parameters Length on the VPN server and Key length (bits) on the certificate.
I see the Key length (bits) on the  certificate  has 4096 and 8192
and also the DH Parameters Length 4096 and 2048.
using the high number would affect the speed of the tunnel ?would provide a high encryption ?
Logged
OPNsense 23.1.7_3-amd64
FreeBSD 13.1-RELEASE-p7
OpenSSL 1.1.1t 7 Feb 2023

xinnan

  • Full Member
  • ***
  • Posts: 125
  • Karma: 13
    • View Profile
Re: DH Parameters Length question
« Reply #1 on: November 27, 2017, 04:12:25 pm »
My understanding is that the DH key length will only impact the initial negotiation and not the average speed.

However in general AES 128 should be faster than AES 256 and if there were available 512 and 1024 versions, those would be progressively slower. 

Unless you have lots of people on the server, you should be hurt by using 4096 or greater DH parameters. 
Logged
  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • Archive »
  • 17.7 Legacy Series »
  • DH Parameters Length question
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2