18

Linux Mint 21

Success install openvpn.

OpenVPN 2.5.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Mar 22 2022



openssl version -a
OpenSSL 1.1.1q  5 Jul 2022
built on: Mon Aug 15 08:08:28 2022 UTC
platform: linux-x86_64
options:  bn(64,64) rc4(16x,int) des(int) idea(int) blowfish(ptr) 
compiler: gcc -fPIC -pthread -m64 -Wa,--noexecstack -Wall -O3 -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DNDEBUG
OPENSSLDIR: "/usr/local/ssl"
ENGINESDIR: "/usr/local/lib/engines-1.1"
Seeding source: os-specific

Now want to connect to remote setup via openvpn.

sudo openvpn Leo.ovpn

but get error:

2022-08-15 09:29:10 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
2022-08-15 09:29:10 --cipher is not set. Previous OpenVPN version defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback BF-CBC' to your configuration and/or add BF-CBC to --data-ciphers.
2022-08-15 09:29:10 WARNING: file 'client.key' is group or others accessible
2022-08-15 09:29:10 OpenVPN 2.5.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Mar 22 2022
2022-08-15 09:29:10 library versions: OpenSSL 3.0.2 15 Mar 2022, LZO 2.10
2022-08-15 09:29:10 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
2022-08-15 09:29:10 OpenSSL: error:0A00018E:SSL routines::ca md too weak
2022-08-15 09:29:10 Cannot load certificate file client.crt
2022-08-15 09:29:10 Exiting due to fatal error

P.S. I check folder. Exist files: client.crt and ca.crt

sudo openssl x509 -text -in ca.crt
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            d5:a0:93:fa:24:35:4d:95

...

Alexei
  • 383
  • 1
  • 2
  • 12

4 Answers4

19

Ubuntu 22.04.1 LTS

just as said above, add this

tls-cipher "DEFAULT:@SECLEVEL=0"

to your vpn client config(not openssl.cnf), mine looks like this(example):

client
tls-client
ca vpnname/ca.crt
cert vpnname/user.crt
key vpnname/user.key
tls-crypt vpnname/myvpn.tlsauth
proto udp
remote 1.1.1.1 1194 udp
dev tun
topology subnet
pull
user nobody
group nogroup
script-security 2
tls-cipher "DEFAULT:@SECLEVEL=0"
#up /etc/openvpn/vpnname/up.sh
#down /etc/openvpn/vpnname/down.sh
Андрей Кондратьев
  • 306
  • 1
  • 2
  • Note that in order for this to be picked up, you need to restart NetworkManager: `sudo systemctl restart NetworkManager`. – AVH Oct 28 '22 at 09:47
  • add `tls-cipher "DEFAULT:@SECLEVEL=0"` to the ovpn file. – desertSniper87 Dec 13 '22 at 16:22
  • 3
    In case you need to set this for one particular connection managed by NetworkManager: The configuration file is located at `/etc/NetworkManager/system-connections/` and the NetworkManager specific syntax is `tls-cipher=DEFAULT:@SECLEVEL=0`. – Hermann Apr 11 '23 at 08:45
11

The answer is in the error messages (error:0A00018E:SSL routines::ca md too weak). OpenSSL refuses to use the CA certificate because certain parameters are considered insecure nowadays. This could be caused by the certificate using MD5 or SHA1 for signing.

You should regenerate your CA and certificates with secure hash algorithms for the signature, as your currently used hash algorithms are not considered secure anymore.

There is a workaround available by adding the following to your openssl.cnf:

tls-cipher "DEFAULT:@SECLEVEL=0"

Another workaround is available since OpenVPN 2.6.0:

OpenSSL 3.0 support

OpenSSL 3.0 has been added. Most of OpenSSL 3.0 changes are not user visible but improve general compatibility with OpenSSL 3.0. --tls-cert-profile insecure has been added to allow selecting the lowest OpenSSL security level (not recommended, use only if you must). OpenSSL 3.0 no longer supports the Blowfish (and other deprecated) algorithm by default and the new option --providers allows loading the legacy provider to renable these algorithms.

0xC0000022L
  • 6,819
  • 10
  • 50
  • 82
mtak
  • 16,513
  • 2
  • 52
  • 64
  • 2
    This "tls-cipher "DEFAULT:@SECLEVEL=0"" not help – Alexei Aug 15 '22 at 07:49
  • Can you add to the question a sanitized version of `openssl x509 -text -in ca.crt`? – mtak Aug 15 '22 at 07:54
  • I was updated my post – Alexei Aug 15 '22 at 08:18
  • That is extremely sanitized, and not very useful :) . Please post the output with just identifying marks removed (subject, issuer, that sort of stuff). – mtak Aug 15 '22 at 08:46
  • I fixed the problem. See my answer – Alexei Aug 15 '22 at 13:39
  • This worked for me on windows 11 running on VirtualBox – Miguel Tomás Dec 09 '22 at 15:57
  • @mtak I interpret this the same as you, but in my case I get `Signature Algorithm: sha256WithRSAEncryption` and since it is a self-signed CA, there is no certificate chain with weaker algos either. Mysterious. However, the _user_ cert uses SHA1 in my case (`Signature Algorithm: sha1WithRSAEncryption`). – 0xC0000022L Jun 27 '23 at 08:56
  • 1
    Not only is this the fullest answer (including advice to regenerate the certs if possible - although note that the CA is irrelevant and doesn't need to be regenerated even if it's using MD5), but it's also the first answer to have the solution. I'm not sure why the other answer is higher voted. – DimeCadmium Jun 27 '23 at 17:38
  • @0xC0000022L - only the signature on the (non-CA) cert is relevant. Since the CA is self-signed and separately distributed to/trusted by all systems, its signature does not matter. – DimeCadmium Jun 27 '23 at 17:41
  • @DimeCadmium `md` in the error message refers to "message digest" and isn't limited to the algorithms having that acronym in their name, e.g. MD5. It includes SHA-1, SHA-2 etc. When I read an error message such as `error:0A00018E:SSL routines::ca md too weak`, however, I expect that `ca` to have a meaning. I only figured that the user certificate was meant by inspecting the certificates, obviously. But I still wonder what `ca` means in the context of the error message. Of course the user certificate needn't be issued by a (self-signed or not) CA either, I reckon, but typically it _would be_. – 0xC0000022L Jun 28 '23 at 11:26
  • @DimeCadmium there's one flaw in this answer, which I noticed just now: it claims this is about ciphers being deemed insecure. That's simply wrong. It's not about ciphers at all. It's about cryptographic hash algorithms -- or in alternative lingo "message digests" -- not about the key ciphers. – 0xC0000022L Jun 28 '23 at 11:30
  • I did not mean "even if it's using MD5" to exclude the possibility of the error message also applying to other digests than MD5, rather just using the "most broken" as an example. -- I imagine that "ca md" means "the MD signed by the CA", but I do not know. One thing OpenSSL is not known for, IMHO, is obvious error messages :) -- If the user cert isn't signed by a (trusted) CA, then you will either need to disable cert validation or pin it. In this case the sig algorithm on the cert doesn't *technically* matter, though I don't know how OpenSSL treats it. – DimeCadmium Jul 12 '23 at 22:37
2

Given:

Linux Mint 21
OpenVPN 2.5.5 , Mar 22 2022
OpenSSL 3.0.2 , 15 Mar 2022

I fix the problem:

I install openvpn ver. 2.4.7 and now no error.

OpenVPN 2.4.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Aug 15 2022
library versions: OpenSSL 1.1.1q  5 Jul 2022, LZO 2.10

OpenSSL 1.1.1q  5 Jul 2022
Alexei
  • 383
  • 1
  • 2
  • 12
  • 1
    Your answer could be improved with additional supporting information. Please [edit] to add further details, such as citations or documentation, so that others can confirm that your answer is correct. You can find more information on how to write good answers [in the help center](/help/how-to-answer). – Community Aug 15 '22 at 15:47
  • you can use deb from oficial ubuntu LTS https://ubuntu.pkgs.org/20.04/ubuntu-main-amd64/openvpn_2.4.7-1ubuntu2_amd64.deb.html/ mirrow https://download.nus.edu.sg/mirror/ubuntu/pool/main/o/openvpn/ – ggoha Sep 05 '22 at 13:07
0

The problem is described in the article Ubuntu 22.04 OpenSSL error fixing:

Ubuntu and Xubuntu 22.04 moved to OpenSSL 3.0. This is causing errors (0A00018E:SSL routines::ca md too weak) with Wifi and other internet connections. This is because OpenSSL 3.0 considers MD5 and SHA1 hash Algorithms used on old CA certificates invalid.

Although the article is for Ubuntu, it probably also applies to the latest Linux Mint.

This article proposes the following solutions:

Solution 1: If you are using Wi-Fi or a VPN and you are getting the error, then the immediate solution is to renew your key pairs to be compatible with OpenSSL 3. This is because OpenSSL 3 which is used by default in Ubuntu 22.04 does not accept SHA1 algorithm. Learn more about OpenSSL 3.0.

Solution 2: Install OpenSSL 3 . Here is a guide on how to install OpenSSL 3 on Ubuntu 22.04.

Solution 3: If you are facing a problem with SSH, then make sure that you have selectively enabled it as it is disabled by default in OpenSSH.

NOTE: Third-party packages that use libssl1.1 will also need to be upgraded to libssl3.

harrymc
  • 455,459
  • 31
  • 526
  • 924
  • I success installed OpenSSL 3.0 but it not help – Alexei Aug 15 '22 at 09:20
  • You need to recreate the certificate - it's too weak. Do not use these old hash algorithms. – harrymc Aug 15 '22 at 09:25
  • It's impossible because certificate generate by admin. I can't access for this procedure – Alexei Aug 15 '22 at 10:36
  • If you are obliged to use it, then you need to configure OpenSSL. (Downgrading to an older version of Linux is never a good idea.) See the [Providers section](https://wiki.openssl.org/index.php/OpenSSL_3.0#Providers) of the OpenSSL wiki for an example config. You need to load the legacy provider. – harrymc Aug 15 '22 at 11:00
  • I fixed the problem. See my answer – Alexei Aug 15 '22 at 13:39