Jump to content
Not connected, Your IP: 3.15.1.23
yorwos

OpenVPN > OpenSSL: error:0A00018E:SSL routines::ca md too weak

Recommended Posts

Posted ... (edited)

OpenVPN > OpenSSL: error:0A00018E:SSL routines::ca md too weak

Fresh Xubuntu 22.04 system. Connecting with wifi(6) atm. On windows i have no problems.
Tried experimental version of eddie and older verssion but got same results. System build : aorus ultra x570, 5600x, nvidia rtx 2060, nvme m.2 hdd
Tried turning on/off network stack drivers from bios, no change. Forgot default option for it.


. 2022.04.19 21:58:41 - Eddie version: 2.20.0 / linux_x64, System: Linux, Name: Ubuntu 22.04 LTS \n \l, Version: Linux Studio 5.15.0-25-generic #25-Ubuntu SMP Wed Mar 30 15:54:22 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux, Mono/.Net: 6.8.0.105 (Debian 6.8.0.105+dfsg-3.2 Wed Jun 30 05:34:49 UTC 2021); Framework: v4.0.30319
. 2022.04.19 21:58:41 - Command line arguments (2): path.resources="/usr/share/eddie-ui" path.exec="/usr/bin/eddie-ui"
. 2022.04.19 21:58:41 - Raise system privileges
. 2022.04.19 21:58:45 - Profile path: /home/
UserXXX/.config/eddie/default.profile
. 2022.04.19 21:58:45 - Reading options from /home/
UserXXX/.config/eddie/default.profile
. 2022.04.19 21:58:46 - Tun Driver - /dev/net/tun
. 2022.04.19 21:58:46 - OpenVPN - Version: 2.5.5 - OpenSSL 3.0.2 15 Mar 2022, LZO 2.10 (/usr/sbin/openvpn)
. 2022.04.19 21:58:46 - SSH - Version: OpenSSH_8.9p1 Ubuntu-3, OpenSSL 3.0.2 15 Mar 2022 (/usr/bin/ssh)
. 2022.04.19 21:58:46 - SSL - Version: Initializing (/usr/bin/stunnel4)
. 2022.04.19 21:58:46 - curl - Version: 7.81.0 (/usr/bin/curl)
I 2022.04.19 21:58:46 - Ready
. 2022.04.19 21:58:48 - Collect information about AirVPN completed
I 2022.04.19 21:58:52 - Session starting.
. 2022.04.19 21:58:52 - Waiting for latency tests (9 to go)
. 2022.04.19 21:58:53 - Waiting for latency tests (7 to go)
. 2022.04.19 21:58:54 - Waiting for latency tests (5 to go)
. 2022.04.19 21:58:55 - Waiting for latency tests (3 to go)
I 2022.04.19 21:58:56 - Checking authorization ...
! 2022.04.19 21:58:57 - Connecting to Lupus (Sweden, Stockholm)
. 2022.04.19 21:58:57 - OpenVPN > OpenVPN 2.5.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Mar 22 2022
. 2022.04.19 21:58:57 - OpenVPN > library versions: OpenSSL 3.0.2 15 Mar 2022, LZO 2.10
. 2022.04.19 21:58:57 - OpenVPN > OpenSSL: error:0A00018E:SSL routines::ca md too weak
. 2022.04.19 21:58:57 - OpenVPN > Cannot load inline certificate file
. 2022.04.19 21:58:57 - OpenVPN > Exiting due to fatal error
! 2022.04.19 21:58:57 - Disconnecting
. 2022.04.19 21:58:57 - Connection terminated.


ps: besides the standard .deb builds for eddie-ui i tried and got this error, some of the rest like appimage or portable i got shared library errors or libraries missing.

Edited ... by yorwos
supplying more info/compacting

Share this post


Link to post

Renew the key pair you intend to use with Eddie (or renew them all to be on the safe side for the future) in the client area, then restart Eddie and try again. The "problem" is that SHA1 is considered a weak digest in OpenSSL 3. Even if new and renewed client certificates have been signed with SHA512 for years now, the CA cert from AirVPN was still SHA1-signed. This threw the error for users of Schwabe's OpenVPN for Android and throws it for you now, too: If in a given certificate chain there is a cert signed with a weak digest, OpenSSL errors out.
More info:.


NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT.

LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too!

Want to contact me directly? All relevant methods are on my About me page.

Share this post


Link to post

Ok, deleted (appreciated) and new device installed with new keys installed.
Created some ovpn configs, couldn't import to eddie.
Eddie shutdown, re-run, and its working!
I hope when i login to windows it will also keep working without having to use those files ? (dual boot, win11+fresh ubuntu)
We'll see
 

Share this post


Link to post
1 hour ago, yorwos said:

Created some ovpn configs, couldn't import to eddie.


Those are not meant for Eddie, they're meant for all other not-from-AirVPN clients. :)
 
1 hour ago, yorwos said:

I hope when i login to windows it will also keep working without having to use those files ? (dual boot, win11+fresh ubuntu)


If you're using Eddie on both Windows and Ubuntu, yes, it's all automatic.

NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT.

LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too!

Want to contact me directly? All relevant methods are on my About me page.

Share this post


Link to post
Posted ... (edited)

It would appear that this issue is now affecting the built-in configs for eddie-ui. I can't connect to any server. Here's a recent log:

[old log is old]
If we ask *very* nicely, can we please get an update at least to the eddie-ui-git aur page? 🥺

EDIT: hey guys, I'm sorry I didn't more thoroughly check @OpenSourcerer 's post above for more info. Turns out I myself had a "depreciated" key cert in my device profile (I've never been in this section of the site before), so I deleted it and created a new item and that apparently made a functional sha-512 key which I now can connect with. I suspect a recent openssl update on my end is now enforcing higher cert signings. I apologize once again. Edited ... by not_a_salamander
my bad :(((

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...