0xa / example.conf
Created October 3, 2018 19:47 — forked from Gargron/example.conf
Using an nginx proxy with cache in front of Wasabi to minimize egress costs
proxy_cache_path /tmp/cache levels=1:2 keys_zone=s3_cache:10m max_size=15g inactive=24h use_temp_path=off;

server {
  listen 443 ssl;
  server_name files.example.com;
  keepalive_timeout 30;
  add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";

  location = / {

Hi there,

How do you correctly secure your OpenVPN connection, you ask?

Yes! This little code snippet will drastically improve the strength of your OpenVPN connection while keeping very good performance. You just have to add the code available below at the end of your configuration file.

Important notes

  • It may not work everywhere. @Korben (Twitter) ran into a problem because his server didn't support ECDHE. If you can't use this configuration, try replacing ECDHE with DHE in the tls-cipher parameter. It should work, but it will consume more battery on a mobile device or laptop because the handshake will no longer use elliptic curves.
  • You should check whether your processor has AES-NI instructions. If it does, the key generation / exchange should be protected from SPA (Simple Power Analysis) and DPA (Differential Power Analysis) attacks, and AES will be a lot faster.
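
Both notes can be checked before editing the configuration. The script below is an added example, not part of the original post: it assumes a Linux host where `openvpn --show-tls` lists the TLS suites of the local build and `/proc/cpuinfo` exposes CPU flags, and the helper names and sample inputs are constructed. Because the failure described above was on the server side, run it on both peers.

```shell
#!/usr/bin/env bash
# Added example: pre-flight checks for the ECDHE and AES-NI notes above.
# Function names are hypothetical helpers, not OpenVPN tooling.

# Succeeds if `openvpn --show-tls`-style text on stdin lists an ECDHE suite.
has_ecdhe() {
    grep -Eq '^[[:space:]]*TLS-ECDHE-'
}

# Succeeds if /proc/cpuinfo-style text on stdin carries the "aes" CPU flag.
# -w keeps other flags that merely contain "aes" (e.g. "vaes") from matching.
has_aesni() {
    grep -E '^flags[[:space:]]*:' | grep -qw 'aes'
}

# Prints the key-exchange family to use in tls-cipher: ECDHE when the build
# offers it, otherwise the DHE fallback described in the first note.
pick_kex() {
    if has_ecdhe; then echo ECDHE; else echo DHE; fi
}

# Constructed sample inputs, used only when the real sources are unavailable.
SAMPLE_TLS_OLD='Available TLS Ciphers, listed in order of preference:
TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
TLS-DHE-RSA-WITH-AES-256-CBC-SHA'
SAMPLE_CPUINFO='model name : Constructed CPU
flags : fpu vme sse2 pclmulqdq aes avx'

if command -v openvpn >/dev/null 2>&1; then
    tls_list=$(openvpn --show-tls 2>/dev/null || true)
else
    tls_list=$SAMPLE_TLS_OLD
fi
if [ -r /proc/cpuinfo ]; then
    cpuinfo=$(cat /proc/cpuinfo)
else
    cpuinfo=$SAMPLE_CPUINFO
fi

echo "tls-cipher key exchange for this host: $(printf '%s\n' "$tls_list" | pick_kex)"
if printf '%s\n' "$cpuinfo" | has_aesni; then
    echo "AES-NI: present"
else
    echo "AES-NI: not reported by /proc/cpuinfo"
fi
```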