
You're probably right. We've already changed to 2048 DH everywhere. Do you have any opinion on if that is a strong enough default?



Does OpenVPN support ECDH parameters yet? openssl supports ecparam[1], and polarssl is now supporting it in their development branch[2].

[1] http://www.openssl.org/docs/apps/ecparam.html

[2] https://github.com/polarssl/polarssl/commit/577e006c2fe4a361...


We'll use standard DHE if the user selects an RSA cert (2048, 3072, or 4096). And we'll use ECDHE if the user selects an Elliptic Curve cert. We'll also be displaying a disclaimer about the potential issues with ECC (certain experts believe TLS curves may be compromised/weakened) if the user selects that.



