ovpm
ovpm copied to clipboard
same dh4096.pem on all installation [add option to change in OVPM]
I use the rpm version of ovpm, and all installations have the same dh4096.pem. you ~~should warn for changing it in /var/db/ovpm~~ , or add an option in ovpm to change it. just edit. each time you restart ovpm it rewrite dh4096.pem with the old same file
@jidea I don't see any problem with using it in all installations as far as security concerned since 4096-bit field primes are known to be safe against logjam attacks and they are safe to be published. They are there for practicality reasons (generating 4096 DH-Params takes time).
But adding an option to change it in the OVPM is a good idea since this way the user don't have to trust OVPM developers for the DH-Params.
Another thing to address is /var/db/ovpm
is not meant to be edited or fiddled by the user. Nothing is guaranteed to stay still in that directory.
Thus obvious way to make changes to the underlying config would be through OVPM CLI or WebUI.