Opened 8 months ago

Last modified 7 weeks ago

#963 accepted Bug / Defect

OpenVPN 2.4.4 OpenSSL 1.1.x issues with ECC ciphers (client only)

Reported by: mke208 Owned by: Steffan Karger
Priority: major Milestone: release 2.4.4
Component: Generic / unclassified Version: OpenVPN 2.4.4 (Community Ed)
Severity: Not set (select this one, unless your'e a OpenVPN developer) Keywords: openvpn openssl 1.1 ecc
Cc: Steffan Karger


  • openvpn 2.4.4 + openssl 1.1.0g compiled from source.
  • certificates using curve sect571r1

On connect, client hangs, and on server i get:
OpenSSL: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher

This is only with openssl 1.1 , with 1.0.x it works just fine.

After some reading, i saw this change on OpenSSL:

*) Change the ECC default curve list to be this, in order: x25519,
secp256r1, secp521r1, secp384r1.
[Rich Salz]
Somehow openssl defaults to x25519 , and my certificates are using sect571r1, and passing ecdh-curve to openvpn does not solve it.

What i tried was adding this:

SSL_CTX_set1_curves_list(ctx->ctx, "sect571r1");

in src/openvpn/ssl_openssl.c, on line 271, just under SSL_CTX_set_default_passwd_cb

This only happens on the client, it doesn't seem to have anything to do with the server.

Maybe someone can implement a proper fix to adapt to openssl 1.1 changes ...

Issue can also be seen here:

Attachments (1)

ssl.c.diff (954 bytes) - added by mke208 7 months ago.

Download all attachments as: .zip

Change History (8)

comment:1 Changed 8 months ago by Gert Döring

Cc: Steffan Karger added

comment:2 Changed 7 months ago by Steffan Karger

ECDH and your certificates do not have to use the same curves. The curve from the certificates is used to sign (using in your case ECDSA) the key exchange, while the --ecdh-curve is used to perform the key exchange.

That said, it looks like OpenSSL 1.1+ indeed needs a call to SSL_CTX_set1_curves_list (or SSL_CTX_set1_groups_list as is preferred in the current master branch...). Something similar to --tls-ciphers and --show-tls.

I'll assign this ticket to myself to keep track of it, but can't promise I'll be looking into this soon. So if anyone else wants to take a stab at it: patches are welcome!

comment:3 Changed 7 months ago by Steffan Karger

Owner: set to Steffan Karger
Status: newaccepted

comment:4 Changed 7 months ago by mke208

Per openssl wiki:
I guess it could be somehow possible to get the curve name from the certificate and pass it to
SSL_CTX_set1_curves_list ...

Changed 7 months ago by mke208

Attachment: ssl.c.diff added

comment:5 Changed 7 months ago by mke208

Added a patch, it's working but someone should look at it ...

comment:6 Changed 4 months ago by tincantech


comment:7 Changed 7 weeks ago by tincantech

ECDH and your certificates do not have to use the same curves

Just for information :-
On paper this may be true, however, it is not how openvpn currently works.

Currently, the TLS curve must match the PKI curve.

Tested with openvpn Server:2.4.6 Client:2.4.6 :-

Server openssl Client openssl PKI Curve 1 --ecdh-curve 2 Result
1.1.0h 1.1.0h secp384r1 undefined OK
1.1.0h 1.1.0h brainpoolP384r1 undefined Fail
1.1.0h 1.1.0h secp384r1 secp384r1 OK
1.1.0h 1.1.0h brainpoolP384r1 secp384r1 Fail
1.1.0h 1.1.0h secp384r1 brainpoolP384r1 Fail
1.1.0h 1.1.0h brainpoolP384r1 brainpoolP384r1 Fail
1.1.0h 1.0.2o secp384r1 undefined OK
1.1.0h 1.0.2o brainpoolP384r1 undefined Fail
1.1.0h 1.0.2o secp384r1 secp384r1 OK
1.1.0h 1.0.2o brainpoolP384r1 secp384r1 Fail
1.1.0h 1.0.2o secp384r1 brainpoolP384r1 Fail
1.1.0h 1.0.2o brainpoolP384r1 brainpoolP384r1 OK

Note 1: Curve selected in EasyRSA before creating PKI.
Note 2: undefined means --ecdh-curve is not used in server config.
Note 3: --ecdh-curve is never defined in the client config.

All failures are tls_post_process_client_hello:no shared cipher

Last edited 7 weeks ago by tincantech (previous) (diff)
Note: See TracTickets for help on using tickets.