{"id":1394,"date":"2016-06-07T11:21:16","date_gmt":"2016-06-07T02:21:16","guid":{"rendered":"https:\/\/blog.ymyzk.com\/?p=1394"},"modified":"2016-12-28T15:53:36","modified_gmt":"2016-12-28T06:53:36","slug":"openvpn-tls-1-2","status":"publish","type":"post","link":"https:\/\/blog.ymyzk.com\/2016\/06\/openvpn-tls-1-2\/","title":{"rendered":"How to use TLS 1.2 ciphers with OpenVPN's tls-cipher"},"content":{"rendered":"

The tls-cipher option in the OpenVPN configuration sets the encryption used for the control channel. This article explains how to use ciphers available in TLS 1.2 (e.g.\u00a0TLS_DH_RSA_WITH_AES_256_CBC_SHA<\/code>) in tls-cipher.<\/p>\n

<\/p>\n

OpenVPN version<\/h2>\n

Using TLS 1.2 cipher suites requires OpenVPN 2.3.3 or later. The cipher suites that can be set in OpenVPN's tls-cipher can be checked with openvpn --show-tls<\/code>.<\/p>\n

Configuration<\/h2>\n

Specify the cipher suite you want to use in tls-cipher in both the server and client configurations. Suites such as TLS-ECDHE-*<\/code> do not seem to be usable in OpenVPN even though they are among the TLS 1.2 cipher suites.<\/p>\n

Also, it seems that unless tls-version-min 1.2<\/code> is added as well, you cannot connect using a TLS 1.2 cipher suite. (Without this setting, an error message appears and the connection apparently fails.) Example configuration:<\/p>\n

tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-DHE-RSA-WITH-AES-128-GCM-SHA256:TLS-DHE-RSA-WITH-AES-128-CBC-SHA256\r\ntls-version-min 1.2<\/code><\/pre>\n

References<\/h2>\n