Switch to SHA2
SHA1 is no longer considered secure and has been replaced by SHA2, still it is being used by you. Even browsers are planing a complete ban of SHA1 for use with SSL, because it cannot guarantee a secure connection between client and service. VPN services are useless if they use outdated security technologies. Could you please make a switch soon?
Anonymous
shared this idea
-
Peter
commented
Even the severely compromised MD5 algorithm can be used for HMAC, and no practical attacks against HMAC have been demonstrated. SHA2 is already supported by OpenVPN for HMAC, but the performance hit is enormous. Using SHA-256 or SHA-512 for HMAC on a low-end device like a smartphone, tablet, or consumer level router with a weak CPU causes the device to be unable to perform renegotiation within 60 seconds when the ephemeral keys expire. This causes clients to be dropped every time renegotiation takes place. SHA1 HMAC is still absolutely safe, and because SHA2 HMAC creates problems, many OpenVPN based providers will continue to opt for SHA1 HMAC, and are not wrong for doing so. You are not less safe in any way.