rnd227 0 Posted ... When I try to launch eddie, it seems to be working, but every connection is interrupted after 3 seconds I use eddie 2.21.8 In the log : OpenVPN > OpenSSL: error:0A00018E:SSL routines::ca md too weak OpenVPN > Cannot load inline certificate file I tried to create a new device on the air website and delete the old one : no successUpdate : After deleting /home/user/.config/eddie/default.profile, the problem disappeared. Quote Share this post Link to post
OpenSourcerer 1441 Posted ... A simple relog should've sufficed to pull new certs from AirVPN. But a settings purge works just as well. Your system is using OpenSSL 3 which deprecated some weak hashing algorithms, especially SHA1, which AirVPN has been using in the past but changed that earlier this year. It may not be used in the entire certificate chain anymore, and upon encountering one OpenSSL would error out with the message you quoted. Quote Hide OpenSourcerer's signature Hide all signatures NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT. LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too! Want to contact me directly? All relevant methods are on my About me page. Share this post Link to post
Staff 10014 Posted ... On 8/22/2022 at 8:00 AM, OpenSourcerer said: Your system is using OpenSSL 3 which deprecated some weak hashing algorithms, especially SHA1, which AirVPN has been using in the past but changed that earlier this year. It may not be used in the entire certificate chain anymore, and upon encountering one OpenSSL would error out with the message you quoted. Correction. The problem is caused by the client certificate signed with SHA1. Switch to SHA512 based signature for those certificates was finalized in 2017, five years ago. For reference the pinned thread pertaining to this problem and why we do not force client certificate renewal is here:https://airvpn.org/forums/topic/53004-openssl-error-restart-every-3-seconds/?do=findComment&comment=187787 Kind regards Quote Share this post Link to post