Zeroshell VPN key security Home Page › Forums › Network Management › ZeroShell › Zeroshell VPN key security This topic contains 0 replies, has 0 voices, and was last updated by reaperz 2 years, 8 months ago. Viewing 2 posts - 1 through 2 (of 2 total) Author Posts May 9, 2017 at 8:44 am #44800 reaperzParticipant I was restarting my LAN-to-LAN VPN connection and saw such messages in log: WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC). Is it really true, that I am using only 64-bit VPN-key? How to find out? If really true, why is key length not configurable in Zeroshell? How to use AES256 NOW? It is year 2017, 64-bit keys were considered insecure even 10 years ago… May 9, 2017 at 10:11 am #54455 reaperzParticipant I did add to all my VPN-link Parameters: –cipher AES-256-CBC Did I do the right thing? Am I using AES256 now? At least it did disconnect current VPN tunnels and did not come back up, unless both sides were configured with –cipher AES-256-CBC Author Posts Viewing 2 posts - 1 through 2 (of 2 total) You must be logged in to reply to this topic.