We’re excited to announce OpenVPN support for Elliptic Curve Crypto. ECC support is still is beta however results have been very promising. Second generation Suite B Elliptic Curve cryptography offers both better performance and higher security than the first generation widely used RSA. While we are at this, we also made numerous security enhancements to make our VPN even more secure.
What this means to you?
Faster speeds, Highly secure, Efficient use of resources. To give you an idea, 384 bits ECDSA is equivalent to RSA 7680 bits. Higher the bits, more secure it gets.
ECC is used during OpenVPN tunnel authentication and key exchange, which are the most important parts of VPN communication.
- Certificate Public Key: ECC 384 bits / ECDSA_P384
- Signature hash: SHA-256
- OpenVPN Data-channel encryption: we use AES-256-GCM which is stronger than AES-256-CBC
- Control Channel cipher: TLSv1.2, ECDHE-ECDSA-AES256-GCM-SHA384
- HMAC authentication algorithm: SHA384
How to connect?
You need OpenVPN v2.4 or higher to take advantage of newer features. OpenVPN configs (port 1109) are available for download from account area.
What else changed?
We now default to AES-256 bit data encryption and fallback to other ciphers if you are running an older OpenVPN software. Upgrading to OpenVPN v2.4 or higher is highly recommended for increased security.