Use a 4096-bit public key certificate
As a 1024-bit RSA key is becoming weak, and we don't exactly know the power of the NSA and other intelligence agencies, I suggest changing the key size to 4096 bits to be sure that no one will be able to factorize the key.
Yes, this! 1024 is weak. The cryptographic settings I have to use to connect with are below what most others offer. This really needs to be updated.
Dirk Gently commented
Today VyprVPN uses a top-level GoldenFrog certificate which is 2048-bit v3, but uses the sha1 algorithm.
This, and all VyprVPN certificates, should move to sha256 due to known vulnerabilities with sha1 and, as per this original request, be uplifted to 4096 bit.
Until done, this makes VyprVPN non-compliant with both PCI-DSS and NIST standards.
Also, given the GoldenFrog code signing certificate is up for renewal (19-May-2016), it should be fixed to be properly trusted in the certificate store and also sha256.
As GoldenFrog own the end to end of the VyprVPN service, can they confirm:
1. that they're working towards updating to newer TLS 1.2
2. that VyprVPN isn't one of those services that failed the tests via https://www.htbridge.com/blog/90-percent-of-ssl-vpns-use-insecure-or-outdated-encryption.html
I enjoy using the service, but given recent articles in the public press I want to be assured this is a secure end-to-end service.
Thanks, but I just want to make the request a bit clearer: it concerns the RSA handshake for OpenVPN/Chameleon connections. Actually, you are using a 2048-bit certificate.