Why choose TLS as OpenVPN’s underlying authentication and key negotiation protocol?
TLS is the latest evolution of the SSL family of protocols developed originally by Netscape for their first secure web browser. TLS and its SSL predecessors have seen widespread usage on the web for many years and have been extensively analyzed for weaknesses. In turn, this analysis has led to a subsequent strengthening of the protocol such that today, SSL/TLS is considered to be one of the strongest and most mature secure protocols available. As such, we believe TLS is an excellent choice for the authentication and key exchange mechanism of a VPN product.