schwabe / openvpn


New version problem #8

Closed mesterj closed 7 years ago

mesterj commented 7 years ago

Hello Arne

I have a problem with the new version of OpenVPN. When I want to connect I get "MGMT: Got unrecognized command>FATAL:Cannot load inline certificate file". Before the update it worked. It is version 0.6.71.

Here is the log:

2017-06-26 09:42:21 hivatalos build 0.6.71 futtatva samsung SM-J510FN (MSM8916), Android 6.0.1 (MMB29M) API 23, ABI armeabi-v7a, (samsung/j5xnltexx/j5xnlte:6.0.1/MMB29M/J510FNXXU2AQD2:user/release-keys)
2017-06-26 09:42:22 Konfiguráció felépítése…
2017-06-26 09:42:22 New OpenVPN Status (VPN_GENERATE_CONFIG->LEVEL_START):
2017-06-26 09:42:22 New OpenVPN Status (VPN_GENERATE_CONFIG->LEVEL_START):
2017-06-26 09:42:22 started Socket Thread
2017-06-26 09:42:22 Hálózati állapot: CONNECTED to WIFI "KITE-Informatika"
2017-06-26 09:42:22 Debug state info: CONNECTED to WIFI "KITE-Informatika", pause: userPause, shouldbeconnected: true, network: SHOULDBECONNECTED
2017-06-26 09:42:22 Debug state info: CONNECTED to WIFI "KITE-Informatika", pause: userPause, shouldbeconnected: true, network: SHOULDBECONNECTED
2017-06-26 09:42:22 P:Initializing Google Breakpad!
2017-06-26 09:42:22 Current Parameter Settings:
2017-06-26 09:42:22 0 másodperc várakozás a csatlakozási kísérletek között
2017-06-26 09:42:22 config = '/data/user/0/de.blinkt.openvpn/cache/android.conf'
2017-06-26 09:42:22 mode = 0
2017-06-26 09:42:22 show_ciphers = DISABLED
2017-06-26 09:42:22 show_digests = DISABLED
2017-06-26 09:42:22 show_engines = DISABLED
2017-06-26 09:42:22 genkey = DISABLED
2017-06-26 09:42:22 key_pass_file = '[UNDEF]'
2017-06-26 09:42:22 show_tls_ciphers = DISABLED
2017-06-26 09:42:22 connect_retry_max = 0
2017-06-26 09:42:22 Connection profiles [0]:
2017-06-26 09:42:22 proto = udp
2017-06-26 09:42:22 local = '[UNDEF]'
2017-06-26 09:42:22 local_port = '[UNDEF]'
2017-06-26 09:42:22 remote = '212.92.8.82'
2017-06-26 09:42:22 remote_port = '1194'
2017-06-26 09:42:22 remote_float = ENABLED
2017-06-26 09:42:22 bind_defined = DISABLED
2017-06-26 09:42:22 bind_local = DISABLED
2017-06-26 09:42:22 bind_ipv6_only = DISABLED
2017-06-26 09:42:22 connect_retry_seconds = 2
2017-06-26 09:42:22 connect_timeout = 120
2017-06-26 09:42:22 socks_proxy_server = '[UNDEF]'
2017-06-26 09:42:22 socks_proxy_port = '[UNDEF]'
2017-06-26 09:42:22 tun_mtu = 1500
2017-06-26 09:42:22 tun_mtu_defined = ENABLED
2017-06-26 09:42:22 link_mtu = 1500
2017-06-26 09:42:22 link_mtu_defined = DISABLED
2017-06-26 09:42:22 tun_mtu_extra = 0
2017-06-26 09:42:22 tun_mtu_extra_defined = DISABLED
2017-06-26 09:42:22 mtu_discover_type = -1
2017-06-26 09:42:22 fragment = 0
2017-06-26 09:42:22 mssfix = 1450
2017-06-26 09:42:22 explicit_exit_notification = 0
2017-06-26 09:42:22 Connection profiles END
2017-06-26 09:42:22 remote_random = DISABLED
2017-06-26 09:42:22 ipchange = '[UNDEF]'
2017-06-26 09:42:22 dev = 'tun'
2017-06-26 09:42:22 dev_type = '[UNDEF]'
2017-06-26 09:42:22 dev_node = '[UNDEF]'
2017-06-26 09:42:22 lladdr = '[UNDEF]'
2017-06-26 09:42:22 topology = 1
2017-06-26 09:42:22 ifconfig_local = '[UNDEF]'
2017-06-26 09:42:22 ifconfig_remote_netmask = '[UNDEF]'
2017-06-26 09:42:22 ifconfig_noexec = DISABLED
2017-06-26 09:42:22 ifconfig_nowarn = ENABLED
2017-06-26 09:42:22 ifconfig_ipv6_local = '[UNDEF]'
2017-06-26 09:42:22 ifconfig_ipv6_netbits = 0
2017-06-26 09:42:22 ifconfig_ipv6_remote = '[UNDEF]'
2017-06-26 09:42:22 shaper = 0
2017-06-26 09:42:22 mtu_test = 0
2017-06-26 09:42:22 mlock = DISABLED
2017-06-26 09:42:22 keepalive_ping = 0
2017-06-26 09:42:22 keepalive_timeout = 0
2017-06-26 09:42:22 inactivity_timeout = 0
2017-06-26 09:42:22 ping_send_timeout = 0
2017-06-26 09:42:22 ping_rec_timeout = 0
2017-06-26 09:42:22 ping_rec_timeout_action = 0
2017-06-26 09:42:22 ping_timer_remote = DISABLED
2017-06-26 09:42:22 remap_sigusr1 = 0
2017-06-26 09:42:22 persist_tun = ENABLED
2017-06-26 09:42:22 persist_local_ip = DISABLED
2017-06-26 09:42:22 persist_remote_ip = DISABLED
2017-06-26 09:42:22 persist_key = DISABLED
2017-06-26 09:42:22 passtos = DISABLED
2017-06-26 09:42:22 resolve_retry_seconds = 60
2017-06-26 09:42:22 resolve_in_advance = ENABLED
2017-06-26 09:42:22 username = '[UNDEF]'
2017-06-26 09:42:22 groupname = '[UNDEF]'
2017-06-26 09:42:22 chroot_dir = '[UNDEF]'
2017-06-26 09:42:22 cd_dir = '[UNDEF]'
2017-06-26 09:42:22 writepid = '[UNDEF]'
2017-06-26 09:42:22 up_script = '[UNDEF]'
2017-06-26 09:42:22 down_script = '[UNDEF]'
2017-06-26 09:42:22 down_pre = DISABLED
2017-06-26 09:42:22 up_restart = DISABLED
2017-06-26 09:42:22 up_delay = DISABLED
2017-06-26 09:42:22 daemon = DISABLED
2017-06-26 09:42:22 inetd = 0
2017-06-26 09:42:22 log = DISABLED
2017-06-26 09:42:22 suppress_timestamps = DISABLED
2017-06-26 09:42:22 machine_readable_output = ENABLED
2017-06-26 09:42:22 nice = 0
2017-06-26 09:42:22 verbosity = 4
2017-06-26 09:42:22 mute = 0
2017-06-26 09:42:22 gremlin = 0
2017-06-26 09:42:22 status_file = '[UNDEF]'
2017-06-26 09:42:22 status_file_version = 1
2017-06-26 09:42:22 status_file_update_freq = 60
2017-06-26 09:42:22 occ = ENABLED
2017-06-26 09:42:22 rcvbuf = 0
2017-06-26 09:42:22 sndbuf = 0
2017-06-26 09:42:22 sockflags = 0
2017-06-26 09:42:22 fast_io = DISABLED
2017-06-26 09:42:22 comp.alg = 2
2017-06-26 09:42:22 comp.flags = 1
2017-06-26 09:42:22 route_script = '[UNDEF]'
2017-06-26 09:42:22 route_default_gateway = '[UNDEF]'
2017-06-26 09:42:22 route_default_metric = 0
2017-06-26 09:42:22 route_noexec = DISABLED
2017-06-26 09:42:22 route_delay = 0
2017-06-26 09:42:22 route_delay_window = 30
2017-06-26 09:42:22 route_delay_defined = DISABLED
2017-06-26 09:42:22 route_nopull = DISABLED
2017-06-26 09:42:22 route_gateway_via_dhcp = DISABLED
2017-06-26 09:42:22 allow_pull_fqdn = DISABLED
2017-06-26 09:42:22 management_addr = '/data/user/0/de.blinkt.openvpn/cache/mgmtsocket'
2017-06-26 09:42:22 management_port = 'unix'
2017-06-26 09:42:22 management_user_pass = '[UNDEF]'
2017-06-26 09:42:22 management_log_history_cache = 250
2017-06-26 09:42:22 management_echo_buffer_size = 100
2017-06-26 09:42:22 management_write_peer_info_file = '[UNDEF]'
2017-06-26 09:42:22 management_client_user = '[UNDEF]'
2017-06-26 09:42:22 management_client_group = '[UNDEF]'
2017-06-26 09:42:22 management_flags = 4390
2017-06-26 09:42:22 shared_secret_file = '[UNDEF]'
2017-06-26 09:42:22 key_direction = (null)
2017-06-26 09:42:22 ciphername = 'BF-CBC'
2017-06-26 09:42:22 ncp_enabled = ENABLED
2017-06-26 09:42:22 ncp_ciphers = 'AES-256-GCM:AES-128-GCM'
2017-06-26 09:42:22 authname = 'SHA1'
2017-06-26 09:42:22 prng_hash = 'SHA1'
2017-06-26 09:42:22 prng_nonce_secret_len = 16
2017-06-26 09:42:22 keysize = 0
2017-06-26 09:42:22 engine = DISABLED
2017-06-26 09:42:22 replay = ENABLED
2017-06-26 09:42:22 mute_replay_warnings = DISABLED
2017-06-26 09:42:22 replay_window = 64
2017-06-26 09:42:22 replay_time = 15
2017-06-26 09:42:22 packet_id_file = '[UNDEF]'
2017-06-26 09:42:22 test_crypto = DISABLED
2017-06-26 09:42:22 tls_server = DISABLED
2017-06-26 09:42:22 tls_client = ENABLED
2017-06-26 09:42:22 key_method = 2
2017-06-26 09:42:22 ca_file = '[[INLINE]]'
2017-06-26 09:42:22 ca_path = '[UNDEF]'
2017-06-26 09:42:22 dh_file = '[UNDEF]'
2017-06-26 09:42:22 cert_file = '[[INLINE]]'
2017-06-26 09:42:22 extra_certs_file = '[UNDEF]'
2017-06-26 09:42:22 priv_key_file = '[[INLINE]]'
2017-06-26 09:42:22 pkcs12_file = '[UNDEF]'
2017-06-26 09:42:22 cipher_list = '[UNDEF]'
2017-06-26 09:42:22 tls_verify = '[UNDEF]'
2017-06-26 09:42:22 tls_export_cert = '[UNDEF]'
2017-06-26 09:42:22 verify_x509_type = 0
2017-06-26 09:42:22 verify_x509_name = '[UNDEF]'
2017-06-26 09:42:22 crl_file = '[UNDEF]'
2017-06-26 09:42:22 ns_cert_type = 0
2017-06-26 09:42:22 remote_cert_ku[i] = 0
2017-06-26 09:42:22 remote_cert_ku[i] = 0
2017-06-26 09:42:22 remote_cert_ku[i] = 0
2017-06-26 09:42:22 remote_cert_ku[i] = 0
2017-06-26 09:42:22 remote_cert_ku[i] = 0
2017-06-26 09:42:22 remote_cert_ku[i] = 0
2017-06-26 09:42:22 remote_cert_ku[i] = 0
2017-06-26 09:42:22 remote_cert_ku[i] = 0
2017-06-26 09:42:22 remote_cert_ku[i] = 0
2017-06-26 09:42:22 remote_cert_ku[i] = 0
2017-06-26 09:42:22 remote_cert_ku[i] = 0
2017-06-26 09:42:22 remote_cert_ku[i] = 0
2017-06-26 09:42:22 remote_cert_ku[i] = 0
2017-06-26 09:42:22 remote_cert_ku[i] = 0
2017-06-26 09:42:22 remote_cert_ku[i] = 0
2017-06-26 09:42:22 remote_cert_ku[i] = 0
2017-06-26 09:42:22 remote_cert_eku = '[UNDEF]'
2017-06-26 09:42:22 ssl_flags = 0
2017-06-26 09:42:22 tls_timeout = 2
2017-06-26 09:42:22 renegotiate_bytes = -1
2017-06-26 09:42:22 renegotiate_packets = 0
2017-06-26 09:42:22 renegotiate_seconds = 3600
2017-06-26 09:42:22 handshake_window = 60
2017-06-26 09:42:22 transition_window = 3600
2017-06-26 09:42:22 single_session = DISABLED
2017-06-26 09:42:22 push_peer_info = DISABLED
2017-06-26 09:42:22 tls_exit = DISABLED
2017-06-26 09:42:22 tls_auth_file = '[UNDEF]'
2017-06-26 09:42:22 tls_crypt_file = '[UNDEF]'
2017-06-26 09:42:22 client = ENABLED
2017-06-26 09:42:22 pull = ENABLED
2017-06-26 09:42:22 auth_user_pass_file = '[UNDEF]'
2017-06-26 09:42:22 OpenVPN 2.5-icsopenvpn [git:icsopenvpn-d51333c645c12713] android-14-armeabi-v7a [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Jun 23 2017
2017-06-26 09:42:22 library versions: OpenSSL 1.1.0f 25 May 2017, LZO 2.10
2017-06-26 09:42:22 MANAGEMENT: Connected to management server at /data/user/0/de.blinkt.openvpn/cache/mgmtsocket
2017-06-26 09:42:22 MANAGEMENT: CMD 'hold release'
2017-06-26 09:42:22 MANAGEMENT: CMD 'proxy NONE'
2017-06-26 09:42:22 MANAGEMENT: CMD 'bytecount 2'
2017-06-26 09:42:22 MANAGEMENT: CMD 'state on'
2017-06-26 09:42:23 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
2017-06-26 09:42:23 MGMT: Got unrecognized command>FATAL:Cannot load inline certificate file
2017-06-26 09:42:23 OpenSSL: error:140AB18E:SSL routines:SSL_CTX_use_certificate:ca md too weak
2017-06-26 09:42:23 MANAGEMENT: Client disconnected
2017-06-26 09:42:23 Cannot load inline certificate file
2017-06-26 09:42:23 Exiting due to fatal error
2017-06-26 09:42:23 Process exited with exit value 1
2017-06-26 09:42:23 New OpenVPN Status (NOPROCESS->LEVEL_NOTCONNECTED): No process running.
2017-06-26 09:42:23 New OpenVPN Status (NOPROCESS->LEVEL_NOTCONNECTED): No process running.

schwabe commented 7 years ago

OpenSSL 1.1 does not allow certificates with MD5 hashes anymore.

mesterj commented 7 years ago

Yeah... I need to change certificates on 400 devices.

schwabe commented 7 years ago

Get version 0.6.72:

schwabe commented 7 years ago

Btw. MD5 is really weak and collisions can be created in a number of hours, so it is not safe at any level anymore.

mesterj commented 7 years ago

Could you give an example of using tls-cipher "DEFAULT:@seclevel=0" in an ovpn config? I can't find it.

schwabe commented 7 years ago

I am not sure what you are asking for. You just have to add that line to the config file or as a custom option.

mesterj commented 7 years ago

I want to try, but when I added it to custom options it isn't working. Now I am creating new certificates and changing them on the devices.

schwabe commented 7 years ago

The option definitely works; I tested it myself.

mesterj commented 7 years ago

OK. I won't use it. New certs are safer.
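
Added example, not part of the thread or the project's code: before rolling out a client build linked against OpenSSL 1.1, a profile can be checked for the condition behind the "ca md too weak" error by reading the signature algorithm of every inline certificate. The function names, the sample profile and the certificate stubs are constructed for illustration; the stubs are cert-shaped DER, not valid certificates.

```python
import base64
import re

# DER bytes of OID prefix 1.2.840.113549.1.1 (PKCS #1); the last byte selects the algorithm.
PKCS1 = bytes.fromhex("2a864886f70d0101")
SIG_ALGS = {0x04: "md5WithRSAEncryption", 0x05: "sha1WithRSAEncryption",
            0x0B: "sha256WithRSAEncryption", 0x0D: "sha512WithRSAEncryption"}
WEAK = {"md5WithRSAEncryption"}  # the digest the thread's "ca md too weak" error is about
INLINE = re.compile(r"<(ca|cert|extra-certs)>(.*?)</\1>", re.S)
PEM = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def signature_algorithm(der):
    """Name the outer signatureAlgorithm of a DER-encoded X.509 certificate."""
    _, cert_start, _ = read_tlv(der, 0)          # Certificate SEQUENCE
    _, _, tbs_end = read_tlv(der, cert_start)    # step over tbsCertificate
    _, alg_start, _ = read_tlv(der, tbs_end)     # AlgorithmIdentifier SEQUENCE
    tag, oid_start, oid_end = read_tlv(der, alg_start)
    if tag != 0x06:
        raise ValueError("expected an OBJECT IDENTIFIER")
    oid = der[oid_start:oid_end]
    if oid[:-1] == PKCS1 and oid[-1] in SIG_ALGS:
        return SIG_ALGS[oid[-1]]
    return "oid:" + oid.hex()  # ECDSA, RSA-PSS etc. are reported by raw OID

def audit_ovpn(text):
    """Return (block, index, algorithm, is_weak) for each inline certificate."""
    return [(block, i, alg, alg in WEAK)
            for block, body in INLINE.findall(text)
            for i, b64 in enumerate(PEM.findall(body))
            for alg in [signature_algorithm(base64.b64decode("".join(b64.split())))]]

def _stub(last):  # constructed cert-shaped DER stub, NOT a valid certificate
    body = b"\x30\x03\x02\x01\x01\x30\x0d\x06\x09" + PKCS1 + bytes([last]) + b"\x05\x00\x03\x02\x00\x00"
    der = b"\x30" + bytes([len(body)]) + body
    return "-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n" % base64.b64encode(der).decode()

SAMPLE_OVPN = ("client\nremote vpn.example.net 1194\n<ca>\n" + _stub(0x04)
               + "</ca>\n<cert>\n" + _stub(0x0B) + "</cert>\n")  # constructed sample profile

if __name__ == "__main__":
    print(audit_ovpn(SAMPLE_OVPN))
```

Run against each exported profile, the tuples whose last field is `True` identify the certificates that have to be reissued with a stronger digest.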