SHA1 for HMAC
I understand the defaults in 2.4.4 were updated to reflect modern crypto.
I'm curious why SHA1 is considered weak for the hash.
Is there a performance diff between SHA1 and SHA256?
According to these articles, SHA1 is still OK for HMAC.
But perhaps something has changed since they were written?
Though SHA1 may still be safe right now, if your goal is "secure by default", why pick something you know is a ticking time bomb?
There may be a performance difference between SHA1 and SHA256 but it largely depends on your hardware and workload.
If that bothers you, use AES-GCM, which does the encryption and hashing in one (accelerated) step.
Thanks for the feedback.
Can I do GCM with a PSK S2S tunnel?
With IPsec, yes. With OpenVPN, no. OpenVPN shared key mode isn't compatible with GCM (IIRC it requires SSL/TLS).