Just upgraded to Linux 21 : Can't use eddie [SOLVED]

[rnd227 0]

When I try to launch eddie, it seems to be working, but every connection is interrupted after 3 seconds
I use eddie 2.21.8

In the log :

OpenVPN > OpenSSL: error:0A00018E:SSL routines::ca md too weak
OpenVPN > Cannot load inline certificate file

I tried to create a new device on the air website and delete the old one : no success

Update : After deleting /home/user/.config/eddie/default.profile, the problem disappeared.
 

[OpenSourcerer 1410]

A simple relog should've sufficed to pull new certs from AirVPN. But a settings purge works just as well.

Your system is using OpenSSL 3 which deprecated some weak hashing algorithms, especially SHA1, which AirVPN has been using in the past but changed that earlier this year. It may not be used in the entire certificate chain anymore, and upon encountering one OpenSSL would error out with the message you quoted.

[rnd227 0]

Thank you !

[Staff 9894]

On 8/22/2022 at 8:00 AM, OpenSourcerer said:

Your system is using OpenSSL 3 which deprecated some weak hashing algorithms, especially SHA1, which AirVPN has been using in the past but changed that earlier this year. It may not be used in the entire certificate chain anymore, and upon encountering one OpenSSL would error out with the message you quoted.

Correction. The problem is caused by the client certificate signed with SHA1. Switch to SHA512 based signature for those certificates was finalized in 2017, five years ago. For reference the pinned thread pertaining to this problem and why we do not force client certificate renewal is here:
https://airvpn.org/forums/topic/53004-openssl-error-restart-every-3-seconds/?do=findComment&comment=187787

Kind regards
 

[rnd227 0]

Thank you !!