Project

General

Profile

Actions

Todo #14677

closed

Prevent weak SHA1 certificates from being used with OpenVPN clients and servers

Added by Jim Pingle over 1 year ago. Updated about 1 year ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
OpenVPN
Target version:
Start date:
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
23.09
Release Notes:
Default

Description

OpenVPN built against OpenSSL 3.0 rejects any certificate (client or server) using SHA1 hash. Surprisingly, a SHA1 CA is OK -- just not a server or client certificate.

We should prevent users from choosing SHA1 certificates, either by removing them from the list or by producing an input validation error on save. Certificate selection options should contain a warning about them as well.

On upgrade, if a server or client is using a SHA1 certificate, it must be disabled and a notice filed informing the user of the change. Otherwise the daemon will start and the user will be left searching the logs for clues.

Errors in the log are similar to the following with some slight variations depending on if it's a client or server role:

Aug 10 15:37:29     openvpn     32827     OpenSSL: error:0A00018E:SSL routines::ca md too weak
Aug 10 15:37:29     openvpn     32827     Cannot load certificate file /var/etc/openvpn/server1/cert
Aug 10 16:02:16     openvpn     77691     VERIFY ERROR: depth=0, error=CA signature digest algorithm too weak: CN=test-new-serverold, serial=4060058663703718122
Aug 10 16:02:16     openvpn     77691     OpenSSL: error:0A000086:SSL routines::certificate verify failed
Aug 10 16:02:16     openvpn     77691     TLS_ERROR: BIO read tls_read_plaintext error
Aug 10 16:02:16     openvpn     77691     TLS Error: TLS object -> incoming plaintext read error
Aug 10 16:02:16     openvpn     77691     TLS Error: TLS handshake failed

Note that peers using a SHA1 certificate will also fail but we have no way to know what a peer is using so nothing can be done there. For example if the server is using a proper cert but some remote client has an older SHA1 cert, they will no longer be able to connect. Likewise, even if a client instance has a proper cert, if a remote server has a SHA1 server certificate, the client will fail to connect.

Note that attempting to work around this by loading the OpenSSL legacy provider does not make any difference (e.g. openvpn --providers legacy default [...] or inline in the config), it fails no matter what.

Similar to #14672 for the GUI but with important differences in behavior, so treat it separately (e.g. do not lump the upgrade code together in a single function)

Actions #1

Updated by Jim Pingle over 1 year ago

  • Status changed from New to In Progress
  • % Done changed from 0 to 70

Adding the GUI warnings and filtering out the invalid certificate choices is now complete.

The upgrade code is the only part remaining.

Actions #2

Updated by Jim Pingle over 1 year ago

  • Status changed from In Progress to Feedback
  • % Done changed from 70 to 100
Actions #3

Updated by Jim Pingle over 1 year ago

  • Subject changed from Prevent users from choosing SHA1 certificate for OpenVPN clients and servers to Prevent weak SHA1 certificates from being used with OpenVPN clients and servers

Updating subject for release notes.

Actions #4

Updated by Jim Pingle over 1 year ago

  • Status changed from Feedback to Resolved

Certificate lists are filtered appropriately. Certificates with weak hashes are not listed.

Actions #5

Updated by Jim Pingle about 1 year ago

  • Target version changed from 2.8.0 to 2.7.1
Actions

Also available in: Atom PDF