Openvpn: Migrate to Elliptic Curve Cryptography
-
Time measurement on i7 processor
An RSA 4096 DH key generation takes anywhere from 1 minute to 1 hour.
ECC takes around 5 seconds consistently. -
Upgrade process -
Provide option in UI to upgrade -
Explain implications -
Notification on upgrade
-
-
Run setup on OlinuXino Lime 2 to measure time taken
Took 1 minute 47 seconds -
Eliminate the setup step currently required [0/2] -
Change functional tests -
Manual page needs updates
-
-
Get rid of unused legacy code -
Generating a new profile should work for old OpenVPN setups still using RSA -
New installations should use ECDH by default. They should not see the upgrade option -
A manual upgrade option should be provided in the configuration page with the consequences clearly described -
Manual test to verify that VPN functionality still works -
Determine the correct curve to be used
Fixes #1514 (closed)
Edited by Joseph Nuthalapati