Request to allow "dh none" in OpenVPN web interface

An OpenVPN server setup does not need to have a Diffie-Hellman (dh) parameter file but instead can use Elliptic Curves (ECDH) to set up TLS.

The openvpn.conf then should have:
dh none
(Note that this requires peers to be using an SSL library that supports ECDH TLS cipher suites, e.g. OpenSSL 1.0.1+ or mbed TLS 2.0+.)

However, the web interface insists on uploading a parameter file.

The request is to add a setting to either add 'dh none' or upload a file, or, to fast forward, just delete the upload of the dh parameter file and always add 'dh none'.

You can tweak the used curves if you want with ecdh-curve. This setting is available as an option but cannot be added to the interface yet. I would also request that that setting could be added to the interface (I use secp384r1).

Thanks all devs for this excellent software

Hmm it is actually not very difficult to add it myself

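An added example, not part of the original posts or of the project's code: a small shell check that reports which of the key-exchange setups discussed above a given OpenVPN server config uses. The function name `classify_dh`, its output labels and the sample config are assumptions made for illustration; quoted paths containing spaces are not handled.

```shell
#!/bin/sh
# classify_dh FILE prints one of (labels are this example's own):
#   ecdh-only curve=<name|default>   "dh none", optionally with ecdh-curve
#   dh-file path=<path>              classic DH parameter file
#   dh-inline                        <dh> ... </dh> inline block
#   dh-missing                       no dh directive at all
classify_dh() {
    awk '
        /^[ \t]*[#;]/      { next }         # skip comment lines (# or ;)
        $1 == "dh"         { dh = $2 }      # if repeated, the last one is reported
        $1 == "ecdh-curve" { curve = $2 }
        $1 == "<dh>"       { inline = 1 }
        END {
            if (dh == "none")
                printf "ecdh-only curve=%s\n", (curve == "" ? "default" : curve)
            else if (dh != "")
                printf "dh-file path=%s\n", dh
            else if (inline)
                print "dh-inline"
            else
                print "dh-missing"
        }
    ' "$1"
}

# Constructed sample config (not from the page) matching the setup in the post.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# server.conf (constructed sample)
port 1194
proto udp
dev tun
dh none
ecdh-curve secp384r1
EOF
classify_dh "$sample"
rm -f "$sample"
```

Here "curve=default" means no `ecdh-curve` line was found, so the curve is whatever OpenVPN and its TLS library select on their own.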