tlsauth
TLSauth, commonly written as tls-auth, is a feature associated with OpenVPN that adds an extra layer of authentication to the TLS handshake. It relies on a static pre-shared key (the ta.key) to generate an HMAC that is applied to TLS handshake messages, helping to validate peers before the TLS handshake proceeds. The same ta.key must be loaded on both server and client sides and kept secret to prevent impersonation. The key is typically created with a command such as openvpn --genkey --secret ta.key and then distributed securely to all participating nodes.
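A simplified model of the gate described above, added here as an example and not OpenVPN's code or wire format: the receiver checks an HMAC keyed with the shared secret before a handshake packet reaches any TLS processing. The packet layout, the choice of HMAC-SHA256, the names wrap, HandshakeGate and demo, and the sample inputs are assumptions for illustration. The packet-id counter that rejects replayed packets goes beyond what the text covers.

```python
import hashlib
import hmac
import struct

TAG_LEN = hashlib.sha256().digest_size  # 32-byte HMAC-SHA256 tag

def wrap(key, packet_id, payload):
    """Sender: prepend HMAC(key, packet_id || payload) to the packet."""
    body = struct.pack("!I", packet_id) + payload
    return hmac.new(key, body, hashlib.sha256).digest() + body

class HandshakeGate:
    """Receiver: authenticate each packet before the TLS layer sees it."""

    def __init__(self, key):
        self.key = key
        self.last_id = 0  # highest packet id accepted so far

    def accept(self, datagram):
        """Return the payload if authentic and fresh, otherwise None."""
        if len(datagram) < TAG_LEN + 4:
            return None  # too short to carry a tag and a packet id
        tag, body = datagram[:TAG_LEN], datagram[TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):  # constant-time compare
            return None  # sender does not hold the shared key, or data changed
        (packet_id,) = struct.unpack("!I", body[:4])
        if packet_id <= self.last_id:
            return None  # replayed or stale packet
        self.last_id = packet_id
        return body[4:]

def demo():
    """Run constructed packets through one gate and report each outcome."""
    ta_key = bytes(range(32))  # constructed key standing in for ta.key
    gate = HandshakeGate(ta_key)
    hello = b"constructed-client-hello"
    first = wrap(ta_key, 1, hello)
    tampered = bytearray(wrap(ta_key, 2, hello))
    tampered[-1] ^= 1  # flip one bit of the payload after signing
    return {
        "authentic": gate.accept(first),
        "replayed": gate.accept(first),
        "wrong_key": gate.accept(wrap(b"\x00" * 32, 3, hello)),
        "tampered": gate.accept(bytes(tampered)),
        "unsigned": gate.accept(hello),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:10s} -> {'accepted' if result else 'dropped'}")
```

Only the first packet is accepted. The other four are dropped before any handshake state would be created for them.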
In operation, the ta.key is used to compute an HMAC over the initial handshake packets. If the
Security considerations and relationship to other technologies: tls-auth does not itself encrypt VPN traffic or the