![]() There is a workaround available by adding the following to your openssl.cnf: tls-cipher workaround is available since OpenVPN 2.6.0: OpenSSL 3.0 support You should regenerate your CA and certificates with secure hash algorithms for the signature, as your currently used hash algorithms are not considered secure anymore. This could be caused by the certificate using MD5 or SHA1 for signing. OpenSSL refuses to use the CA certificate because certain parameters are considered insecure nowadays. ![]() The answer is in the error messages ( error:0A00018E:SSL routines::ca md too weak). Exist files: client.crt and ca.crt sudo openssl x509 -text -in ca.crt 09:29:10 Cannot load certificate file client.crt 09:29:10 OpenSSL: error:0A00018E:SSL routines::ca md too weak 09:29:10 WARNING: No server certificate verification method has been enabled. 09:29:10 WARNING: file 'client.key' is group or others accessible If you need this fallback please add '-data-ciphers-fallback BF-CBC' to your configuration and/or add BF-CBC to -data-ciphers. Previous OpenVPN version defaulted to BF-CBC as fallback when cipher negotiation failed in this case. Sent packets are not compressed unless "allow-compression yes" is also set. Compression has been used in the past to break encryption. sudo openvpn Leo.ovpnīut get error: 09:29:10 WARNING: Compression for receiving enabled. Now want to connect to remote setup via openvpn. Options: bn(64,64) rc4(16x,int) des(int) idea(int) blowfish(ptr)Ĭompiler: gcc -fPIC -pthread -m64 -Wa,-noexecstack -Wall -O3 -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DNDEBUG ![]()
0 Comments
Leave a Reply.AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |