Siemens Simatic RTU303xC Series Operating Instructions Manual page 153


● Verification of the server certificate necessary
The function is optional, but is recommended for security reasons.
If this option is enabled during connection establishment, the client checks whether the
certificate of the server is actually a server certificate based on the purpose of the
certificate. This ensures that no other client can pretend to be a server with its valid client
certificate.
● Cipher
The following encryption standards are available:
– AES-256_CBC
– BF_CBC
The parameter must be set the same on the server and client.
The CBC method is always used to encrypt the data.
● Hash method
The following hash algorithms can be used to authenticate the user data:
– SHA-1
– SHA-224
– SHA-256
The parameter must be set the same on the server and client.
● Key exchange time (s)
Maximum time for the TLS key exchange after initializing the handshake.
Permitted range: 0 to 65535 s. Default: 60 s. If you enter 0 (zero), the function is
deactivated.
Note that 60 seconds may not be adequate if the connection quality is bad.
● Keepalive monitoring time (s)
If the partner does not respond to the keepalive frame of the RTU or another frame
within the keepalive monitoring time, the RTU aborts the connection and attempts to
reestablish it.
If the OpenVPN server is reached using its DNS name, a new DNS resolution is
performed along with the monitoring frame. Increasing the monitoring time can make
sense, in particular when the server uses a DynDNS service and occasionally changes
its IP address.
RTU303xC
Operating Instructions, 06/2019, C79000-G8976-C382-06
Note on BF_CBC (BlowFish): BlowFish is no longer considered secure and is currently
only supported for reasons of compatibility.
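The rules above (cipher and hash set the same on server and client, BF_CBC kept only for compatibility, server certificate verification recommended) can be checked against the OpenVPN server configuration before commissioning. The following Python script is an added example, not part of the Siemens manual; the mapping of the WBM option names to OpenVPN `cipher`/`auth` values, the settings dictionaries and the sample server configuration are constructed assumptions.

```python
# Added example, not Siemens code. Assumption: the RTU's WBM option names map
# to the OpenVPN directive values below (OpenVPN writes AES-256-CBC, SHA256).
RTU_CIPHERS = {"AES-256_CBC": "AES-256-CBC", "BF_CBC": "BF-CBC"}
RTU_HASHES = {"SHA-1": "SHA1", "SHA-224": "SHA224", "SHA-256": "SHA256"}

def parse_directives(text):
    """Map each OpenVPN directive to its argument list; skip comment lines."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and line[0] not in "#;":
            name, *args = line.split()
            conf[name] = args
    return conf

def audit(rtu, server_conf_text):
    """Return findings for RTU client settings checked against a server config."""
    conf = parse_directives(server_conf_text)
    findings = []
    for key, table, directive in (("cipher", RTU_CIPHERS, "cipher"),
                                  ("hash", RTU_HASHES, "auth")):
        want = table[rtu[key]]
        have = (conf.get(directive) or ["<not set>"])[0].upper()
        if have != want:  # the manual requires the same value on both sides
            findings.append(f"{directive} mismatch: RTU {want}, server {have}")
    if rtu["cipher"] == "BF_CBC":
        findings.append("BF_CBC selected: BlowFish is no longer considered secure")
    if not rtu["verify_server_cert"]:
        findings.append("server certificate verification is disabled")
    if not 0 <= rtu["key_exchange_time"] <= 65535:
        findings.append("key exchange time outside 0..65535 s")
    return findings

# Constructed sample server configuration (not from the manual).
SAMPLE_SERVER_CONF = """\
# constructed sample
cipher AES-256-CBC
auth SHA256
keepalive 10 60
"""

# Constructed RTU settings as they might be entered in the WBM.
LEGACY_RTU = {"cipher": "BF_CBC", "hash": "SHA-1",
              "verify_server_cert": False, "key_exchange_time": 60}
GOOD_RTU = {"cipher": "AES-256_CBC", "hash": "SHA-256",
            "verify_server_cert": True, "key_exchange_time": 60}

if __name__ == "__main__":
    print(audit(LEGACY_RTU, SAMPLE_SERVER_CONF))
```

An empty list means the RTU settings match the server configuration and none of the manual's warnings apply.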
Configuration (WBM)
4.16 Security

This manual is also suitable for:

Simatic rtu3030c, Simatic rtu3031c