In version 2.4 of OpenVPN support was added for using elliptic curve (EC) certificates instead of the more common RSA type certificates. Elliptic curve cryptography (ECC) provides a fast method for encrypting and authenticating a secure connection, but are not widely used yet. In part, this is due to some patenting issues. As most modern OpenSSL libraries provide ECC support, however, OpenVPN can also use EC certificates. The main advantage of ECC is that you can provide smaller keys to achieve the same level of security than with the more common RSA and DSA type encryption. This will result in a better VPN performance without sacrificing security. As we will see in this recipe, OpenVPN's control channel can be authenticated using an EC algorithm. The data channel is still authenticated using a non-EC HMAC algorithm, such as SHA1.
For this recipe, the server computer was running CentOS 6 Linux and OpenVPN 2.4.0. The client was running Fedora 22 Linux and OpenVPN 2.4.0.
$ export KEY_CN= $ export KEY_OU= $ export KEY_NAME= $ export OPENSSL_CONF=/etc/openvpn/cookbook/openssl- 1.0.0.cnf $ openssl ecparam -out cakey_temp.pem -name sect571k1 -text -genkey $ openssl ec -in cakey_temp.pem -out ec-ca.key -aes256 $ openssl req -new -x509 -out ec-ca.crt -key ec-ca.key -days 3650 -sha512 -extensions v3_ca -subj "/C=US/O=Cookbook 2.4/CN=Elliptic Curve CA"
This will result in an ec-ca.crt
and ec-ca.key
file using the sect571k1
elliptic curve that we will use to sign the EC-based client and server certificates.
$ openssl req -nodes -sha512 -newkey ec:ec-ca.crt -new -days 400 -out ec-server.req -keyout ec-server.key -subj "/C=US/O=Cookbook 2.4/CN=ecserver" $ chmod 600 ec-server.key $ openssl x509 -req -extfile $OPENSSL_CONF -extensions server -out ec-server.crt -sha512 -CA ec-ca.crt -CAkey ec-ca.key -in ec-server.req -set_serial $RANDOM
This will result in an ec-server.crt
and ec-server.key
file.
$ openssl req -nodes -sha512 -newkey ec:ec-ca.crt -new -days 400 -out ec-client.req -keyout ec-client.key -subj "/C=US/O=Cookbook 2.4/CN=ecclient" $ chmod 600 ec-client.key $ openssl x509 -req -extfile $OPENSSL_CONF -extensions usr_cert -out ec-client.crt -sha512 -CA ec-ca.crt -CAkey ec-ca.key -in ec-client.req -set_serial $RANDOM
This will result in an ec-client.crt
and ec-client.key
file.
proto udp port 1194 dev tun server 10.200.0.0 255.255.255.0 ca /etc/openvpn/cookbook/ec-ca.crt cert /etc/openvpn/cookbook/ec-server.crt key /etc/openvpn/cookbook/ec-server.key dh /etc/openvpn/cookbook/dh2048.pem
Save it as example4-11-server.conf
.
[root@server]# openvpn --config example4-11-server.conf
client proto udp remote openvpnserver.example.com port 1194 dev tun nobind ca /etc/openvpn/cookbook/ec-ca.crt cert /etc/openvpn/cookbook/ec-client.crt key /etc/openvpn/cookbook/ec-client.key verb 4
Then save it as example4-11-client.conf
.
ec-ca.crt
, ec-client.crt
, and ec-client.key
to the client machine using a secure channel. [root@client]# openvpn --config example4-11-client.conf
And observe the chosen control channel cipher:
Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-ECDSA- AES256-GCM-SHA384
This shows that the control channel is protected using an ECDSA-based cipher.
By generating an EC-based Certificate Authority and by using EC-based certificates OpenVPN can now support elliptic curve cryptography on the control channel. The data channel is still protected using the default cipher BF-CBC (Blowfish) and the default HMAC algorithm SHA1.
It should be noted that with RSA-based certificates the control channel cipher looks remarkably similar:
Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
It is not the "ECDHE" part which proves that ECC is used, but "ECDSA".
It is also possible to choose different ECDH "curves". This is done by first listing the available ECDH curves on the OpenVPN server:
[root@server]# openvpn --show-curves Available Elliptic curves: [...] secp112r1 secp112r2 secp521r1 prime192v1 prime192v2 [...]
And then by adding the option to the server configuration file:
ecdh-curve secp521r1
Not all Linux distributions provide an OpenSSL library that supports elliptic curve cryptography out of the box. Notably RedHat-based and RedHat-derived distributions, such as RedHat Enterprise Linux, CentOS and Fedora explicitly disable ECC support. RedHat cites patent issues as the reason, but the "default" OpenSSL library ships with full ECC support.
As the Linux distributions used throughout this book are CentOS and Fedora, a custom build of the OpenSSL 1.0.2 library was made especially for this recipe.
3.139.87.61