feat: add TLS 1.3 support, replace ecdh-curve with tls-groups (#1421)

## Summary

- Add TLS 1.3 support with `--tls-version-min` and `--tls-ciphersuites`
- Replace deprecated `ecdh-curve` with `tls-groups`
- Remove traditional DH support (OpenVPN 2.7 defaults to ECDH)

## New options

| Option | Default |
|--------|---------|
| `--tls-version-min` | `1.2` |
| `--tls-ciphersuites` | `TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256` |
| `--tls-groups` | `X25519:prime256v1:secp384r1:secp521r1` |

## Removed

- `--dh-type`, `--dh-bits`, `--dh-curve`
- DH parameter generation

Closes https://github.com/angristan/openvpn-install/issues/1231
Closes https://github.com/angristan/openvpn-install/issues/637
Closes https://github.com/angristan/openvpn-install/issues/1362
Stanislas
2025-12-15 12:13:03 +01:00
committed by GitHub
parent 2e0605e2eb
commit 04f7178c80
3 changed files with 180 additions and 101 deletions
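As an added example for the "New options" and "Removed" sections of this commit (review material written here, not code from openvpn-install), the POSIX shell script below lints an existing OpenVPN `server.conf` for the directives the commit drops (`dh <file>`, `ecdh-curve`, a TLS floor below 1.2) and prints the replacement block built from the commit's new defaults. The directive names and default values come from the commit; the `lint_tls_config`/`emit_tls_block` function names, the finding texts, the comment-stripping rule, and the sample configs are this example's own assumptions.

```shell
#!/bin/sh
# Added example (not part of openvpn-install): migration lint for an OpenVPN
# server.conf. Flags the finite-field DH and ecdh-curve settings the commit
# removes, checks tls-version-min, validates tls-groups/tls-ciphersuites
# entries against the script's defaults, and prints the replacement block.
# Assumptions: one directive per line; '#' or ';' starts a comment; only the
# four groups and three TLS 1.3 suites from the commit's defaults are accepted.

# Print one finding per problem line; return 1 if anything was found.
lint_tls_config() {
    conf=$1
    rc=0
    seen_min=0
    while IFS= read -r line || [ -n "$line" ]; do
        # strip comments and surrounding whitespace (assumed comment syntax)
        d=$(printf '%s' "$line" | sed 's/[#;].*$//; s/^[[:space:]]*//; s/[[:space:]]*$//')
        [ -z "$d" ] && continue
        set -- $d   # $1 = directive, $2 = its first argument
        case "$1" in
            dh)
                if [ "$2" != "none" ]; then
                    echo "legacy: '$d' (finite-field DH parameters; use 'dh none' and rely on ECDH via tls-groups)"
                    rc=1
                fi ;;
            ecdh-curve)
                echo "legacy: '$d' (deprecated; express the curve list with 'tls-groups')"
                rc=1 ;;
            tls-version-min)
                seen_min=1
                case "$2" in
                    1.2|1.3) ;;
                    *) echo "weak: '$d' (minimum should be 1.2 or 1.3)"; rc=1 ;;
                esac ;;
            tls-groups)
                for g in $(printf '%s' "$2" | tr ':' ' '); do
                    case "$g" in
                        X25519|prime256v1|secp384r1|secp521r1) ;;
                        *) echo "unknown: group '$g' in '$d'"; rc=1 ;;
                    esac
                done ;;
            tls-ciphersuites)
                for c in $(printf '%s' "$2" | tr ':' ' '); do
                    case "$c" in
                        TLS_AES_256_GCM_SHA384|TLS_AES_128_GCM_SHA256|TLS_CHACHA20_POLY1305_SHA256) ;;
                        *) echo "unknown: TLS 1.3 suite '$c' in '$d'"; rc=1 ;;
                    esac
                done ;;
        esac
    done < "$conf"
    if [ "$seen_min" -eq 0 ]; then
        echo "missing: tls-version-min (OpenVPN 2.5 and earlier accept TLS 1.0 without it)"
        rc=1
    fi
    return $rc
}

# Print the replacement control-channel block using the commit's defaults.
# $1 = minimum TLS version (1.2 or 1.3); defaults to 1.2 like the script.
emit_tls_block() {
    cat <<EOF
dh none
tls-version-min ${1:-1.2}
tls-ciphersuites TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256
tls-groups X25519:prime256v1:secp384r1:secp521r1
EOF
}

# Constructed sample configs (not real deployments) for a stand-alone run.
write_legacy_conf() {
    cat > "$1" <<'EOF'
# constructed legacy server.conf fragment
port 1194
proto udp
dev tun
dh dh2048.pem
ecdh-curve prime256v1
tls-version-min 1.0
tls-groups X25519:secp256k1
cipher AES-256-GCM
EOF
}
write_new_conf() {
    { printf 'port 1194\nproto udp\ndev tun\n'; emit_tls_block 1.3; } > "$1"
}

# Demo: lint the legacy fragment and show what to write instead.
tmp=$(mktemp)
write_legacy_conf "$tmp"
if ! lint_tls_config "$tmp"; then
    echo "-- replace the flagged lines with:"
    emit_tls_block 1.2
fi
rm -f "$tmp"
```

Run it against a real config with `lint_tls_config /etc/openvpn/server.conf`; a non-zero exit means at least one line needs changing, and each finding names the directive to replace.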


@@ -289,9 +289,9 @@ The `install` command supports many options for customization:
- `--rsa-bits <2048|3072|4096>` - RSA key size (default: `2048`)
- `--hmac <alg>` - HMAC algorithm (default: `SHA256`). Options: `SHA256`, `SHA384`, `SHA512`
- `--tls-sig <mode>` - TLS mode (default: `crypt-v2`). Options: `crypt-v2`, `crypt`, `auth`
- `--dh-type <ecdh|dh>` - DH key exchange type (default: `ecdh`)
- `--dh-curve <curve>` - ECDH curve (default: `prime256v1`). Options: `prime256v1`, `secp384r1`, `secp521r1`
- `--dh-bits <2048|3072|4096>` - DH key size when using `--dh-type dh` (default: `2048`)
- `--tls-version-min <1.2|1.3>` - Minimum TLS version (default: `1.2`)
- `--tls-ciphersuites <list>` - TLS 1.3 cipher suites, colon-separated (default: `TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256`)
- `--tls-groups <list>` - Key exchange groups, colon-separated (default: `X25519:prime256v1:secp384r1:secp521r1`)
- `--server-cert-days <n>` - Server cert validity in days (default: `3650`)
**Client Options:**
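Review bot: the new `--tls-groups` entry describes its value only as "Key exchange groups, colon-separated" and does not say that the default is an ordered preference list, nor that keeping `prime256v1` in it is what lets clients whose TLS library lacks X25519 still connect; since this hunk also drops `--dh-curve` (single value, default `prime256v1`), a user carrying over an old `--dh-curve secp384r1` choice needs to be told to write `--tls-groups secp384r1:prime256v1` rather than a single curve. Suggest: `- `--tls-groups <list>` - Key exchange groups in preference order, colon-separated; keep at least one NIST curve for older clients (default: ...)`. The list also gives no minimum server version for `--tls-ciphersuites` and `--tls-groups`, while the TLS section of the same README ties TLS 1.3 to OpenVPN 2.5 and OpenSSL 1.1.1+; state the requirement inline or point to that section.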
@@ -415,9 +415,17 @@ OpenVPN 2.6+ defaults `--allow-compression` to `no`, blocking even server-pushed
OpenVPN 2.5 and earlier accepted TLS 1.0 by default, which is nearly [20 years old](https://en.wikipedia.org/wiki/Transport_Layer_Security#TLS_1.0).
With `tls-version-min 1.2` we enforce TLS 1.2, which the best protocol available currently for OpenVPN.
This script defaults to `tls-version-min 1.2` for compatibility with all OpenVPN 2.4+ clients. You can optionally set `tls-version-min 1.3` for environments where all clients support TLS 1.3.
TLS 1.2 is supported since OpenVPN 2.3.3.
**TLS 1.3 support** was added in OpenVPN 2.5 and requires OpenSSL 1.1.1+. TLS 1.3 offers improved security and performance with a simplified handshake.
The script configures TLS 1.3 cipher suites via `--tls-ciphersuites` (separate from the TLS 1.2 `--tls-cipher` option). The default TLS 1.3 cipher suites are:
- `TLS_AES_256_GCM_SHA384`
- `TLS_AES_128_GCM_SHA256`
- `TLS_CHACHA20_POLY1305_SHA256`
TLS 1.2 is supported since OpenVPN 2.3.3. TLS 1.3 is supported since OpenVPN 2.5.
### Certificate
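Review bot: the unchanged context line "With `tls-version-min 1.2` we enforce TLS 1.2, which the best protocol available currently for OpenVPN" is missing "is" and is now contradicted two lines later by the new TLS 1.3 paragraph; while this section is being rewritten, change it to "With `tls-version-min 1.2` we enforce at least TLS 1.2". The sentence "TLS 1.2 is supported since OpenVPN 2.3.3." appears twice in the hunk (once on its own, once in the closing sentence together with the TLS 1.3 note); keep only the combined closing sentence. The compatibility statement for the 1.3 option ("environments where all clients support TLS 1.3") should add the concrete requirement the hunk gives only for the server side, OpenVPN 2.5 with OpenSSL 1.1.1+, so readers can check their clients against it.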
@@ -476,6 +484,8 @@ OpenVPN 2.4 added a feature called "NCP": _Negotiable Crypto Parameters_. It mea
OpenVPN 2.4 will negotiate the best cipher available by default (e.g ECDHE+AES-256-GCM)
#### TLS 1.2 ciphers (`--tls-cipher`)
The script proposes the following options, depending on the certificate:
- ECDSA:
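Review bot: the new `#### TLS 1.2 ciphers (`--tls-cipher`)` heading is inserted directly after the NCP paragraph, which is about the data-channel cipher, while `--tls-cipher` (and `--tls-ciphersuites` below it) configure the control-channel TLS handshake; a one-line lead such as "The following subsections concern the control channel (TLS handshake), not the data channel negotiated by NCP" would keep readers from conflating the two. The context line "negotiate the best cipher available by default (e.g ECDHE+AES-256-GCM)" reinforces the confusion by pairing a TLS key-exchange name with a data-channel cipher name, and "e.g" lacks its trailing period; "e.g. AES-256-GCM" would be accurate there.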
@@ -489,20 +499,34 @@ The script proposes the following options, depending on the certificate:
It defaults to `TLS-ECDHE-*-WITH-AES-128-GCM-SHA256`.
### Diffie-Hellman key exchange
#### TLS 1.3 ciphers (`--tls-ciphersuites`)
OpenVPN uses a 2048 bits DH key by default.
When TLS 1.3 is negotiated, a separate set of cipher suites is used. These are configured via `--tls-ciphersuites` and use OpenSSL naming conventions:
OpenVPN 2.4 added support for ECDH keys. Elliptic curve cryptography is faster, lighter and more secure.
- `TLS_AES_256_GCM_SHA384`
- `TLS_AES_128_GCM_SHA256`
- `TLS_CHACHA20_POLY1305_SHA256`
Also, generating a classic DH keys can take a long, looong time. ECDH keys are ephemeral: they are generated on-the-fly.
By default, all three cipher suites are enabled. TLS 1.3 cipher suites are simpler because they don't include the key exchange algorithm (which is negotiated separately via key shares).
The script provides the following options:
### Key exchange
- ECDH: `prime256v1`/`secp384r1`/`secp521r1` curves
- DH: `2048`/`3072`/`4096` bits keys
OpenVPN historically defaulted to 2048-bit DH parameters for key exchange. This script used to offer both DH (with configurable key sizes) and ECDH as alternatives.
It defaults to `prime256v1`.
OpenVPN 2.4 added ECDH support, and OpenVPN 2.7 made `dh none` (ECDH) the default, as finite-field DH is being deprecated. Since ECDH is now universally supported and preferred, this script no longer offers traditional DH.
The script configures `tls-groups` with the following preference list:
```
X25519:prime256v1:secp384r1:secp521r1
```
- **X25519**: Fast, modern curve (Curve25519), widely supported
- **prime256v1**: NIST P-256, most compatible
- **secp384r1**: NIST P-384, higher security
- **secp521r1**: NIST P-521, highest security
You can customize this with `--tls-groups`.
### HMAC digest algorithm
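Review bot: the TLS 1.2 default kept in the context line "It defaults to `TLS-ECDHE-*-WITH-AES-128-GCM-SHA256`" and the new TLS 1.3 list, which puts `TLS_AES_256_GCM_SHA384` first, leave the script preferring AES-128 on TLS 1.2 but AES-256 on TLS 1.3 with no stated reason; either align the two defaults or add a sentence explaining the difference. In the new paragraph, "TLS 1.3 cipher suites are simpler because they don't include the key exchange algorithm" should also say they omit the authentication algorithm, which is why the new names carry no RSA/ECDSA part unlike the `TLS-ECDHE-*-WITH-...` names above and why the ECDSA/RSA split used for the TLS 1.2 options does not apply to them. The three-suite list is now spelled out in full three times in this README (the option list, the TLS section, and this section); keep it once and cross-reference. Lastly, "OpenVPN 2.7 made `dh none` (ECDH) the default" is the only mention of the `dh none` directive; say what the script now writes to the generated server config in place of the old `dh`/`ecdh-curve` lines, so users reading their `server.conf` know what to expect.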