Opened 7 months ago

Last modified 3 months ago

#1444 new Bug / Defect

Fatal TLS error

Reported by: lauri.laanenurm Owned by:
Priority: critical Milestone:
Component: Certificates Version: OpenVPN 2.5.1 (Community Ed)
Severity: Not set (select this one, unless your'e a OpenVPN developer) Keywords:


Linux distribution: Ubuntu 22.04 Jammy

OpenVPN client version:
OpenVPN 2.5.1 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Nov 18 2021
library versions: OpenSSL 3.0.1 14 Dec 2021, LZO 2.10

The Client profile uses:
cipher AES-128-CBC
auth SHA256

When trying to connect to Sophos XG OpenVPN server, I get the following errors and I am unable to get connected:

2022-01-26 11:38:21 OpenSSL: error:0A0C0103:SSL routines::internal error
2022-01-26 11:38:21 TLS_ERROR: BIO read tls_read_plaintext error
2022-01-26 11:38:21 TLS Error: TLS object -> incoming plaintext read error
2022-01-26 11:38:21 TLS Error: TLS handshake failed
2022-01-26 11:38:21 Fatal TLS error (check_tls_errors_co), restarting
2022-01-26 11:38:21 SIGUSR1[soft,tls-error] received, process restarting
2022-01-26 11:38:21 Restart pause, 5 second(s)
2022-01-26 11:38:22 SIGINT[hard,init_instance] received, process exiting

Change History (4)

comment:1 Changed 7 months ago by tct

Which version of Openvpn is your server using ?

comment:2 Changed 6 months ago by becm

Closest match would indicate a TLS 1.1 connection is used and OpenSSL 3.x wants special settings.
May also be similar tigtening of restrictions I'm not aware of (Cert signature schemes as in OpenSSL 1.1).
You could test OpenVPN client config with

tls-cipher "DEFAULT:@SECLEVEL=0"

Not recommended for long-term operation.
Try to somehow use TLS 1.2 and/or achieve a setup where this setting is no longer required.

comment:3 Changed 6 months ago by Gert Döring

There is a bit of information lacking here, but it should be noted that OpenSSL 3.0.1 disallows a lot of "insecure" stuff by default - and what tends to bite people quite often is SHA1 certificates. The @SECLEVEL=0 trick suggested by becm should help with this.

(I do wonder if 2.5 + 3.0.1 does work at all if BF-CBC is needed, as there is no code in 2.5 to load the "legacy provider" that is needed for BF-CBC... but if the server is sufficiently recent, it would negotiate AES-256-GCM anyway, thus making this a non-issue)

comment:4 Changed 3 months ago by Gert Döring

Update on this: 2.5.7 - to be released next Tuesday - will contain better support for OpenSSL 3.0.x, and we try to bring that into Ubuntu 22.04 (or at least the relevant patches).

It will still need extra options to accept SHA1 hashes (--tls-cert-profile insecure) or support old RC2/BF-CBC/... ciphers (--providers legacy default) - this is the way OpenSSL 3.0 went.

So, best way forward is to upgrade your CA to RSA256 and use AES-256-GCM ciphers everywhere...

(I do wonder why there is an 2.5.1 client in the original post... this is way older than what ubuntu 22 should be shipping)

Note: See TracTickets for help on using tickets.