easy-rsa can do 4096bit keys, been there done that, we should recommend it for VPNs
authorAaron Zauner <azet@azet.org>
Tue, 3 Dec 2013 21:02:57 +0000 (22:02 +0100)
committerAaron Zauner <azet@azet.org>
Tue, 3 Dec 2013 21:02:57 +0000 (22:02 +0100)
src/practical_settings/vpn.tex

index e2bd671..2910b57 100644 (file)
@@ -296,7 +296,7 @@ The file \verb|vars| in the easyrsa installation directory has a
 number of settings that should be changed to secure values:
 
 \begin{lstlisting}[breaklines]
-export KEY_SIZE=2048 
+export KEY_SIZE=4096
 export KEY_EXPIRE=365
 export CA_EXPIRE=1826
 \end{lstlisting}