TLS-handshake negotiating process improving request, please!

ques
DD-WRT Novice


Joined: 01 May 2016
Posts: 41

PostPosted: Wed Jul 27, 2016 18:46    Post subject: TLS-handshake negotiating process improving request, please!
As I heard, the OpenVPN protocol can work without the client requesting a specific TLS security layer for the VPN tunnel, unlike the way it is implemented now in the DD-WRT router's firmware.

I heard that in case the client does NOT request a specific security layer for the VPN tunnel, the server starts the negotiation process from the hardest (the best) layer of TLS security it can perform, and then the client and the server negotiate and agree on the best security layer that they both can use.

As of now, only a PREDEFINED list of options exists in the TLS cipher choice section of the DD-WRT OpenVPN Client settings, and therefore the best level of security is now only the best layer in the router's predefined list, AND NOT the best level of security that both the router and the server are able to use for the VPN tunnel. [As of now, the best level of security in this predefined list of the router is NOT the best level in the OpenVPN (SSL) library that is used now in the DD-WRT router firmware!]

So, in general, this list of security levels does NOT allow the user to use better security layers than those in the list, even though the better layers CAN (!) be supplied by the router!

If all this is true and, in general, "automatic" negotiation of the TLS handshake can give us a better level of VPN tunnel security, then it is a good idea to extend the choices available to the user when choosing the TLS cipher security level for the VPN tunnel, and to add to the TLS cipher options list a new option: "The BEST available for both Server and Client". In my opinion, such an option must be the first option in the list of choices.

If in DD-WRT there is NOW already a way to request from the OpenVPN server an automatic negotiation of the TLS security level of the OpenVPN tunnel, then I am asking the community for suggestions about a workaround/way to reach this, because I prefer the best level of security for the VPN tunnel. Thank you all in advance!!!
Mike42Smith
DD-WRT User


Joined: 14 Feb 2016
Posts: 146
Location: Germany

PostPosted: Tue Aug 16, 2016 6:17    Post subject:
look at:
http://www.dd-wrt.com/phpBB2/viewtopic.php?t=303284&start=15


However...
Quote:
... then the server start the negotiation process from the hardest (from the best) layer of the TLS security which the server can perform...

... what a fairy tale ...
Just because someone defined a ranking of TLS ciphers, it doesn't have to be the best encryption algorithm in your individual environment. It always depends on the kind of attack against your chosen encryption algorithm.

_________________
Ongoing experiences with:
Linksys E3000 and WRT610N v2
TP-Link Archer C9
Raspberry Pi and TP-Link TL-WR710N with OpenWRT
ques
DD-WRT Novice


Joined: 01 May 2016
Posts: 41

PostPosted: Thu Aug 18, 2016 14:38    Post subject: Thank you very much - it works!
Mike42Smith wrote:
look at:
http://www.dd-wrt.com/phpBB2/viewtopic.php?t=303284&start=15


Thank you! The 'None' TLS option works!

PS. Is there a way to know which TLS cipher was used in the case where 'None' is used?

Thank you!!!
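The question above (which TLS parameters were actually negotiated once the tls-cipher list is left at 'None') and the concern in the opening post (whether the negotiated suite is really the best both sides support) can both be answered from the OpenVPN client log rather than from the GUI setting: at connection time OpenVPN 2.3/2.4 logs a "Control Channel:" line with the TLS version and cipher suite, and "Data Channel Encrypt:" lines with the tunnel cipher and HMAC. The script below is an added example, not code from the thread, DD-WRT or the OpenVPN project. It parses those log lines and flags parameters a defender would not want to see (pre-1.2 TLS, a control cipher without ECDHE/DHE forward secrecy, RC4/DES/NULL/EXPORT/MD5 primitives, a 64-bit-block data cipher such as BF-CBC, an MD5 HMAC). The sample log is constructed; the timestamps, addresses and CNs in it are made up, and the assumption that the router exposes this log (on DD-WRT, via the OpenVPN status page or syslog) is the user's to verify on their own firmware.

```python
import re

# Constructed sample of an OpenVPN 2.3-style client log (not a capture from a
# real DD-WRT router; addresses, CNs and times are made up). Only the line
# shapes matter: they are what OpenVPN prints during the TLS handshake.
SAMPLE_LOG = """\
Thu Aug 18 14:30:01 2016 TLS: Initial packet from [AF_INET]203.0.113.10:1194, sid=1a2b3c4d 5e6f7a8b
Thu Aug 18 14:30:02 2016 VERIFY OK: depth=1, CN=Example-CA
Thu Aug 18 14:30:02 2016 VERIFY OK: depth=0, CN=server
Thu Aug 18 14:30:02 2016 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Thu Aug 18 14:30:02 2016 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Aug 18 14:30:02 2016 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Thu Aug 18 14:30:02 2016 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Aug 18 14:30:02 2016 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Thu Aug 18 14:30:02 2016 [server] Peer Connection Initiated with [AF_INET]203.0.113.10:1194
"""

# "Control Channel: TLSv1.2, cipher TLSv1/SSLv3 <suite>, <bits> bit <keytype>"
CONTROL_RE = re.compile(
    r"Control Channel: (?P<version>TLSv[\d.]+), cipher (?P<lib>\S+) (?P<cipher>[^,\s]+)"
    r"(?:, (?P<key>\d+ bit \S+))?"
)
# "Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key"
DATA_CIPHER_RE = re.compile(
    r"Data Channel Encrypt: Cipher '(?P<cipher>[^']+)' initialized with (?P<bits>\d+) bit key"
)
# "Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication"
DATA_HMAC_RE = re.compile(r"Data Channel Encrypt: Using (?P<bits>\d+) bit message hash '(?P<hash>[^']+)'")
# OpenVPN 2.4 cipher negotiation (NCP) logs the data cipher in this shape instead.
NCP_RE = re.compile(r"Data Channel: using negotiated cipher '(?P<cipher>[^']+)'")


def parse_openvpn_log(text):
    """Return a dict with the negotiated control- and data-channel parameters."""
    summary = {"tls_version": None, "control_cipher": None, "key": None,
               "data_cipher": None, "data_cipher_bits": None, "hmac": None}
    for line in text.splitlines():
        m = CONTROL_RE.search(line)
        if m:
            summary["tls_version"] = m.group("version")
            summary["control_cipher"] = m.group("cipher")
            summary["key"] = m.group("key")
            continue
        m = DATA_CIPHER_RE.search(line) or NCP_RE.search(line)
        if m:
            summary["data_cipher"] = m.group("cipher")
            bits = m.groupdict().get("bits")
            summary["data_cipher_bits"] = int(bits) if bits else None
            continue
        m = DATA_HMAC_RE.search(line)
        if m:
            summary["hmac"] = m.group("hash")
    return summary


# Substrings that mark a control-channel suite as using a weak primitive.
WEAK_CIPHER_MARKERS = ("RC4", "DES", "NULL", "EXPORT", "MD5")
# Data-channel ciphers with a 64-bit block (SWEET32-class risk on long-lived tunnels).
SMALL_BLOCK_DATA_CIPHERS = ("BF-CBC", "DES-CBC", "DES-EDE3-CBC", "CAST5-CBC", "RC2-CBC")


def assess(summary):
    """Return a list of human-readable warnings about the negotiated parameters."""
    warnings = []
    v = summary["tls_version"]
    if v is not None:
        number = float(v[len("TLSv"):] or "1")  # OpenVPN prints "TLSv1" for TLS 1.0
        if number < 1.2:
            warnings.append(f"control channel negotiated {v}; TLS 1.2 or newer is expected")
    c = summary["control_cipher"]
    if c:
        # TLS 1.3 suites (TLS_...) always use an ephemeral key exchange.
        if not c.startswith(("ECDHE", "DHE", "TLS_")):
            warnings.append(f"control cipher {c} has no forward secrecy (no ECDHE/DHE key exchange)")
        if any(mark in c.upper() for mark in WEAK_CIPHER_MARKERS):
            warnings.append(f"control cipher {c} uses a weak primitive")
    d = summary["data_cipher"]
    if d and d.upper() in SMALL_BLOCK_DATA_CIPHERS:
        warnings.append(f"data channel cipher {d} has a 64-bit block (SWEET32-class risk)")
    if summary["hmac"] and summary["hmac"].upper() == "MD5":
        warnings.append("data channel HMAC uses MD5")
    return warnings


if __name__ == "__main__":
    result = parse_openvpn_log(SAMPLE_LOG)
    for key, value in result.items():
        print(f"{key:>18}: {value}")
    for warning in assess(result) or ["no weak parameters found"]:
        print("  -", warning)
```

Run it against the router's real log (for example, pipe the saved log into `parse_openvpn_log`) to see what 'None' actually negotiated; if the Control Channel line reports a suite you did not expect, the server's own tls-cipher restriction, not the router, is the side limiting the choice.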