Opened 3 years ago
Closed 2 years ago
#1444 closed Bug / Defect (worksforme)
Fatal TLS error
Reported by: | lauri.laanenurm | Owned by: | |
---|---|---|---|
Priority: | critical | Milestone: | |
Component: | Certificates | Version: | OpenVPN 2.5.1 (Community Ed) |
Severity: | Not set (select this one, unless you're an OpenVPN developer) | Keywords: | openssl3, legacy, sha1 |
Cc: |
Description
Linux distribution: Ubuntu 22.04 Jammy
OpenVPN client version:
OpenVPN 2.5.1 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Nov 18 2021
library versions: OpenSSL 3.0.1 14 Dec 2021, LZO 2.10
The Client profile uses:
cipher AES-128-CBC
auth SHA256
When trying to connect to Sophos XG OpenVPN server, I get the following errors and I am unable to get connected:
2022-01-26 11:38:21 OpenSSL: error:0A0C0103:SSL routines::internal error
2022-01-26 11:38:21 TLS_ERROR: BIO read tls_read_plaintext error
2022-01-26 11:38:21 TLS Error: TLS object -> incoming plaintext read error
2022-01-26 11:38:21 TLS Error: TLS handshake failed
2022-01-26 11:38:21 Fatal TLS error (check_tls_errors_co), restarting
2022-01-26 11:38:21 SIGUSR1[soft,tls-error] received, process restarting
2022-01-26 11:38:21 Restart pause, 5 second(s)
2022-01-26 11:38:22 SIGINT[hard,init_instance] received, process exiting
Change History (5)
comment:1 Changed 3 years ago by
comment:2 Changed 3 years ago by
Closest match would indicate a TLS 1.1 connection is used and OpenSSL 3.x wants special settings.
May also be similar tightening of restrictions I'm not aware of (Cert signature schemes as in OpenSSL 1.1).
You could test OpenVPN client config with
tls-cipher "DEFAULT:@SECLEVEL=0"
Not recommended for long-term operation.
Try to somehow use TLS 1.2 and/or achieve a setup where this setting is no longer required.
comment:3 Changed 3 years ago by
There is a bit of information lacking here, but it should be noted that OpenSSL 3.0.1 disallows a lot of "insecure" stuff by default - and what tends to bite people quite often is SHA1 certificates. The @SECLEVEL=0 trick suggested by becm should help with this.
(I do wonder if 2.5 + 3.0.1 does work at all if BF-CBC is needed, as there is no code in 2.5 to load the "legacy provider" that is needed for BF-CBC... but if the server is sufficiently recent, it would negotiate AES-256-GCM anyway, thus making this a non-issue)
comment:4 Changed 3 years ago by
Update on this: 2.5.7 - to be released next Tuesday - will contain better support for OpenSSL 3.0.x, and we try to bring that into Ubuntu 22.04 (or at least the relevant patches).
It will still need extra options to accept SHA1 hashes (--tls-cert-profile insecure) or support old RC2/BF-CBC/... ciphers (--providers legacy default) - this is the way OpenSSL 3.0 went.
So, best way forward is to upgrade your CA to RSA256 and use AES-256-GCM ciphers everywhere...
(I do wonder why there is a 2.5.1 client in the original post... this is way older than what ubuntu 22 should be shipping)
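Comments 3 and 4 point at SHA1-signed certificates as the usual cause of this failure under OpenSSL 3.0, so the first thing worth checking on the affected client is which algorithm actually signed the CA (and server) certificate. The script below is an added example for this ticket, not code from OpenVPN or from anyone in the thread. It walks the outer DER structure of an X.509 certificate (tbsCertificate, signatureAlgorithm, signatureValue) without any third-party library, decodes the signature OID and reports whether OpenSSL 3.0's default security level refuses it. The OID table, the `constructed_cert_skeleton()` sample (an empty tbsCertificate with the real outer layout, not a genuine certificate) and all function names are this example's own; on a real system you would pass the bytes of your ca.crt, PEM or DER, to `signature_algorithm()`.

```python
"""Report the signature algorithm of an X.509 certificate (PEM or DER).

Certificate ::= SEQUENCE {
    tbsCertificate      SEQUENCE,
    signatureAlgorithm  SEQUENCE { algorithm OBJECT IDENTIFIER, parameters ANY },
    signatureValue      BIT STRING }
Only the outer layout is walked, so no X.509 extension parsing is needed.
"""
import base64
import re
import sys

# Signature OIDs this example recognises -> (name, digest).  Mapping is the
# example's own; unknown OIDs are reported by their dotted form.
SIGNATURE_OIDS = {
    "1.2.840.113549.1.1.4": ("md5WithRSAEncryption", "md5"),
    "1.2.840.113549.1.1.5": ("sha1WithRSAEncryption", "sha1"),
    "1.2.840.113549.1.1.11": ("sha256WithRSAEncryption", "sha256"),
    "1.2.840.113549.1.1.12": ("sha384WithRSAEncryption", "sha384"),
    "1.2.840.113549.1.1.13": ("sha512WithRSAEncryption", "sha512"),
    "1.2.840.10045.4.1": ("ecdsa-with-SHA1", "sha1"),
    "1.2.840.10045.4.3.2": ("ecdsa-with-SHA256", "sha256"),
    "1.2.840.10045.4.3.3": ("ecdsa-with-SHA384", "sha384"),
}


def pem_to_der(data: bytes) -> bytes:
    """Strip PEM armour and base64-decode; pass DER input through unchanged."""
    if data.lstrip().startswith(b"-----"):
        return base64.b64decode(re.sub(rb"-----[^-]+-----|\s", b"", data))
    return data


def _read_tlv(buf: bytes, pos: int):
    """Decode one DER TLV at buf[pos]; return (tag, value, position after it)."""
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:                      # short-form length
        length, pos = first, pos + 2
    else:                                 # long-form: low bits = byte count
        n = first & 0x7F
        length = int.from_bytes(buf[pos + 2:pos + 2 + n], "big")
        pos = pos + 2 + n
    return tag, buf[pos:pos + length], pos + length


def _decode_oid(body: bytes) -> str:
    """Turn OBJECT IDENTIFIER content octets into dotted notation."""
    arcs, value = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:                  # last base-128 byte of this arc
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))


def signature_algorithm(cert_bytes: bytes) -> dict:
    """Return {'oid', 'name', 'digest'} for the certificate's outer signature."""
    der = pem_to_der(cert_bytes)
    tag, cert, _ = _read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE (is this really a certificate?)")
    _, _tbs, pos = _read_tlv(cert, 0)         # tbsCertificate, skipped
    tag, alg_id, _ = _read_tlv(cert, pos)     # signatureAlgorithm
    oid_tag, oid_body, _ = _read_tlv(alg_id, 0)
    if tag != 0x30 or oid_tag != 0x06:
        raise ValueError("malformed AlgorithmIdentifier")
    oid = _decode_oid(oid_body)
    name, digest = SIGNATURE_OIDS.get(oid, (oid, "unknown"))
    return {"oid": oid, "name": name, "digest": digest}


def rejected_by_openssl3_default(info: dict) -> bool:
    """OpenSSL 3.0's default security level (1) refuses MD5/SHA1 cert signatures."""
    return info["digest"] in ("md5", "sha1")


def _tlv(tag: int, body: bytes) -> bytes:
    """Encode a DER TLV (short or long form length) for the constructed sample."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + body


# CONSTRUCTED sample data: DER-encoded OIDs for the two signature schemes.
SHA1_RSA_OID_DER = bytes.fromhex("06092a864886f70d010105")
SHA256_RSA_OID_DER = bytes.fromhex("06092a864886f70d01010b")


def constructed_cert_skeleton(sig_oid_der: bytes) -> bytes:
    """CONSTRUCTED, not a real certificate: empty tbsCertificate and dummy
    signature, but the genuine Certificate layout the walker expects."""
    tbs = _tlv(0x30, b"")
    alg = _tlv(0x30, sig_oid_der + b"\x05\x00")   # algorithm + NULL parameters
    sig = _tlv(0x03, b"\x00" * 17)                 # BIT STRING, 0 unused bits
    return _tlv(0x30, tbs + alg + sig)


def pem_wrap(der: bytes) -> bytes:
    """Wrap DER in PEM armour so the PEM path can be exercised too."""
    return (b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(der)
            + b"-----END CERTIFICATE-----\n")


if __name__ == "__main__":
    # Usage: python check_sig.py ca.crt   (otherwise the constructed samples run)
    if len(sys.argv) > 1:
        samples = [open(sys.argv[1], "rb").read()]
    else:
        samples = [constructed_cert_skeleton(SHA1_RSA_OID_DER),
                   pem_wrap(constructed_cert_skeleton(SHA256_RSA_OID_DER))]
    for cert in samples:
        info = signature_algorithm(cert)
        verdict = "REJECTED at OpenSSL 3 default seclevel" if rejected_by_openssl3_default(info) else "accepted"
        print(f"{info['name']} ({info['oid']}): {verdict}")
```

If the CA comes back as sha1WithRSAEncryption, the thread's two options apply: re-issue the CA and server certificates with a SHA-256 signature (the durable fix), or, on 2.5.7+, set the `--tls-cert-profile insecure` workaround the comment above describes.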
comment:5 Changed 2 years ago by
Keywords: | openssl3 legacy sha1 added |
---|---|
Resolution: | → worksforme |
Status: | new → closed |
So, to summarize - for 2.5.x with OpenSSL 3.0.x, please do always use 2.5.8 or later - 2.5.1 is lacking the necessary knobs to a) display proper SSL error messages in these cases, and b) configure the workarounds needed.
For Ubuntu, they should have backported our 2.5.7/2.5.8 patches into their package by now.
I'm going to close this bug now, as there is nothing for us to do, with no feedback from the original author in 10+ months.
Which version of OpenVPN is your server using?