OpenVPN RSA Handshake

The OpenVPN protocol uses an RSA handshake to secure communication when a VPN connection is created. Learn why it is essential to know the type of the OpenVPN RSA handshake key used by your VPN provider.

What is RSA handshake encryption?

RSA is a public-key encryption system (also called a cryptosystem) used to secure data transmission. In such a system, the encryption key is public and the decryption key (the private key) is kept secret.

A user of RSA creates and publishes the public key. Anyone can use the public key to encrypt a message, but the message can be decrypted only by those who have access to the private key.

When an OpenVPN VPN connection is created, the negotiation between the server and the client is done using SSL implemented with the RSA handshake keys. This handshake occurs at the very beginning of an OpenVPN session, not for all OpenVPN connections.

RSA-1024 cracked, RSA-2048 considered safe

The length of the key (1024-bit, 2048-bit, 4096-bit) is crucial, as it determines the level of security. However, it may also slow down the connection speed: the larger the key, the slower the connection.

It was demonstrated that the 1024-bit RSA handshake key could be cracked, and it probably has been by various organizations (the NSA among them). After the demonstration was published, most providers in the security industry upgraded their RSA handshake keys to RSA-2048 or RSA-4096, which are considered secure.

OpenVPN RSA handshake keys and the VPN providers. Why are they important?

RSA-2048 is considered the minimum standard VPN encryption for commercial VPN providers.

If a VPN provider uses RSA-1024, then the communication between your computer/device and the VPN server may be compromised. It is not something you want!

Important! You should check the length of the OpenVPN RSA handshake key used by your current VPN provider, or by a new one before you subscribe to it.
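One way to run that check on a provider's .ovpn profile, as an added example that is not from the original article: it reads the CA certificate from the profile's inline <ca> block and reports its RSA modulus size, using only the Python standard library. It assumes the profile embeds the CA certificate inline; the server's own certificate, which is presented during the handshake, is not in the profile and is not checked here.

```python
import base64, re, sys

RSA_OID = bytes.fromhex("2a864886f70d010101")  # rsaEncryption, 1.2.840.113549.1.1.1

def tlv(buf, pos):
    """Read one DER element at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits = count of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, pos, pos + length

def children(buf, start, end):
    """List (tag, value_start, value_end) for each element directly inside a value."""
    out = []
    while start < end:
        tag, s, e = tlv(buf, start)
        out.append((tag, s, e))
        start = e
    return out

def rsa_bits_from_der(der):
    """RSA modulus size in bits of a DER X.509 certificate, or None if the key is not RSA."""
    _, s, e = tlv(der, 0)                   # Certificate
    _, s, e = children(der, s, e)[0]        # tbsCertificate
    fields = children(der, s, e)
    if fields[0][0] == 0xA0:                # optional [0] version (absent in v1 certificates)
        fields = fields[1:]
    _, s, e = fields[5]                     # subjectPublicKeyInfo follows serial..subject
    alg, key = children(der, s, e)
    oid = children(der, alg[1], alg[2])[0]
    if der[oid[1]:oid[2]] != RSA_OID:
        return None
    _, s, e = tlv(der, key[1] + 1)          # skip BIT STRING unused-bits byte: RSAPublicKey
    modulus = children(der, s, e)[0]
    return int.from_bytes(der[modulus[1]:modulus[2]], "big").bit_length()

def ca_key_bits(ovpn_text):
    """Key size of the first certificate in the profile's inline <ca> block, else None."""
    block = re.search(r"<ca>(.*?)</ca>", ovpn_text, re.S)
    pem = re.search(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----",
                    block.group(1) if block else "", re.S)
    return rsa_bits_from_der(base64.b64decode(pem.group(1))) if pem else None

if __name__ == "__main__":                  # usage: python check_ovpn.py provider.ovpn
    bits = ca_key_bits(open(sys.argv[1]).read())
    print("no RSA CA certificate found" if bits is None else f"{bits}-bit RSA")
```

A result below 2048 means the profile's CA key is under the minimum this article names.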

VPN providers & the RSA key length

I have checked the level of encryption (the length of the OpenVPN RSA handshake key) used by the providers I use regularly and keep an eye on. Here are the results:

VPN Provider              OpenVPN RSA handshake key length
ibVPN                     2048-bit RSA
NordVPN                   2048-bit RSA
Private Internet Access   4096-bit RSA (maximum security)
IPVanish                  2048-bit RSA
ExpressVPN                4096-bit RSA (maximum security)

What do you think?

What do you think of the RSA key size? Is it important?

Do you look at the length of the RSA encryption key when you choose your VPN provider? What VPN service or VPN client do you use? Do you use different encryption methods for Windows and Mac?
