Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
17.7 Legacy Series
»
DH Parameters Length question
« previous
next »
Print
Pages: [
1
]
Author
Topic: DH Parameters Length question (Read 5467 times)
Julien
Hero Member
Posts: 666
Karma: 33
DH Parameters Length question
«
on:
November 27, 2017, 04:02:09 pm »
Hi guys,
I am trying to understand the user of DH Parameters Length on the VPN server and Key length (bits) on the certificate.
I see the Key length (bits) on the certificate has 4096 and 8192
and also the DH Parameters Length 4096 and 2048.
using the high number would affect the speed of the tunnel ?would provide a high encryption ?
Logged
OPNsense 23.1.7_3-amd64
FreeBSD 13.1-RELEASE-p7
OpenSSL 1.1.1t 7 Feb 2023
xinnan
Full Member
Posts: 125
Karma: 13
Re: DH Parameters Length question
«
Reply #1 on:
November 27, 2017, 04:12:25 pm »
My understanding is that the DH key length will only impact the initial negotiation and not the average speed.
However in general AES 128 should be faster than AES 256 and if there were available 512 and 1024 versions, those would be progressively slower.
Unless you have lots of people on the server, you should be hurt by using 4096 or greater DH parameters.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
17.7 Legacy Series
»
DH Parameters Length question