Jump to content
Not connected, Your IP: 3.139.79.187
Air4141841

ANSWERED Eddie still using insecure openssl version?

Recommended Posts

39 minutes ago, Air4141841 said:

When will the Eddie client receive the newer openssl 3* ?


https://www.openssl.org/source/

states 1.1.1 should not be used 


Hello!

Eddie is not linked against any OpenSSL library. It's OpenVPN the program linked against some TSL library, which is in most cases OpenSSL, and that depends on your system. Eddie Windows and Mac edition include a ready to use OpenVPN binary linked against OpenSSL and this binary is updated on each new version, but you can update it by yourself. You can also tell Eddie to start a specific OpenVPN binary in your system.

WireGuard does not use any external TLS library, so if you have Eddie connection mode set to WireGuard you can ignore OpenSSL.

Kind regards
 

Share this post


Link to post

I guess I still do not follow.   when the troubleshooting forum posts list Eddie logs 
so Eddie is bundled with the same version of openvpn as the current servers are running 2.5.5? 
we would need to manually tell the program to use an updated version?    is there an article written with these instructions I can review so I can better understand? 

here are the connection logs to Airvpn with my updated router:
 

openvpn_client5 OpenVPN 2.6.10 amd64-portbld-freebsd13.2 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [MH/RECVDA] [AEAD]
openvpn_client5 library versions: OpenSSL 3.0.13 30 Jan 2024, LZO 2.10

Share this post


Link to post
1 hour ago, Air4141841 said:

guess I still do not follow.   when the troubleshooting forum posts list Eddie logs 
so Eddie is bundled with the same version of openvpn as the current servers are running 2.5.5? 
we would need to manually tell the program to use an updated version?    is there an article written with these instructions I can review so I can better understand? 


Hello!

You can either use the OpenVPN version packaged with Eddie, Hummingbird, or another version, as you prefer.

To change OpenVPN version selected by Eddie, please install in your system the OpenVPN version you prefer; then, run Eddie and from its main window select "Preferences" > "Advanced". Beside the "OpenVPN custom path" field please click the file requester symbol to navigate through your file system and choose the proper OpenVPN binary file. Finally click "Save". Alternatively just type in the field the binary name with the complete, absolute path, and click "Save".

Kind regards
 

Share this post


Link to post

If I understand this correctly the application, if using the supplied version of OpenVpn bundled w/ Eddie will use the system installed lib version of OpenSSL?

Is the log line "OpenVPN - Version: 2.5.5 - OpenSSL 1.1.1k  25 Mar 2021, LZO 2.10" referring to an old OpenSSL ver used at the time of 2.5.5? In other words is this a static line not reflecting the current system version, i.e. does not fetch the current version its using? My current version underlying the above log entry is OpenSSL 3.1.2 as confirmed via Terminal. How to confirm this is in use? .. see attached SS.

As an additional question what is the appropriate 'OpenVPN' package to install if you wish to point to a newer version .. is it OpenVPN Connect (client) or some other variant? (link would be helpful).
 

Screen Shot 2024-08-04 at 4.27.57 PM.png

Share this post


Link to post
@Balaena

Hello!

In the macOS package, Eddie 2.21.8 includes OpenVPN 2.5.5 linked against OpenSSL 1.1.1, which is perfectly fine (OpenVPN 2.5.5 is the only version in the 2.5 branch which is immune to some annoying vulnerability).

You can install the latest OpenVPN version (we recommend OpenVPN 2.6.x and not openvpn-connect, as the 2.x branch seems more robust and it is full featured) and then tell Eddie to use it in "Preferences" "Advanced" window. Please set the path to the OpenVPN binary in the "OpenVPN custom path" field. However, you will need to build it in your macOS as it is not available as a pre-built binary. Anyway, this is not really necessary.

For an updated package for macOS you could consider Eddie 2.24 beta version:
https://airvpn.org/forums/topic/57401-eddie-desktop-224-beta-released/

Furthermore, in macOS OpenVPN 2 is not very efficient. You can get a nice performance boost (usually +100%) by switching to Hummingbird (it's AirVPN software based on an heavily optimized, modified and bug-fixed OpenVPN3 library forked by AirVPN; the latest version is linked against OpenSSL 3).

To switch to Hummingbird just check "Use Hummingbird if available" in the "Preferences" > "Advanced" window. You may also test WireGuard, which is in many cases more efficient than OpenVPN, which may translate into higher throughput, higher than Hummingbird's throughput in a neutral network. You can switch to WireGuard in "Preferences" > "Protocols" window (uncheck "Automatic", select the line with WireGuard port 51820 and click "Save").

Kind regards
 

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...