Jump to content
Not connected, Your IP: 18.189.171.171
rnd227

Just upgraded to Linux 21 : Can't use eddie [SOLVED]

Recommended Posts

When I try to launch eddie, it seems to be working, but every connection is interrupted after 3 seconds
I use eddie 2.21.8

In the log :

OpenVPN > OpenSSL: error:0A00018E:SSL routines::ca md too weak
OpenVPN > Cannot load inline certificate file
I tried to create a new device on the air website and delete the old one : no success

Update : After deleting /home/user/.config/eddie/default.profile, the problem disappeared.
 

Share this post


Link to post

A simple relog should've sufficed to pull new certs from AirVPN. But a settings purge works just as well. :)

Your system is using OpenSSL 3 which deprecated some weak hashing algorithms, especially SHA1, which AirVPN has been using in the past but changed that earlier this year. It may not be used in the entire certificate chain anymore, and upon encountering one OpenSSL would error out with the message you quoted.


NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT.

LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too!

Want to contact me directly? All relevant methods are on my About me page.

Share this post


Link to post
On 8/22/2022 at 8:00 AM, OpenSourcerer said:

Your system is using OpenSSL 3 which deprecated some weak hashing algorithms, especially SHA1, which AirVPN has been using in the past but changed that earlier this year. It may not be used in the entire certificate chain anymore, and upon encountering one OpenSSL would error out with the message you quoted.


Correction. The problem is caused by the client certificate signed with SHA1. Switch to SHA512 based signature for those certificates was finalized in 2017, five years ago. For reference the pinned thread pertaining to this problem and why we do not force client certificate renewal is here:
https://airvpn.org/forums/topic/53004-openssl-error-restart-every-3-seconds/?do=findComment&comment=187787

Kind regards
 

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...