From patchwork Tue Nov 29 11:30:31 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arne Schwabe X-Patchwork-Id: 2867 Return-Path: Delivered-To: patchwork@openvpn.net Delivered-To: patchwork@openvpn.net Received: from director10.mail.ord1d.rsapps.net ([172.30.191.6]) by backend30.mail.ord1d.rsapps.net with LMTP id QBnWG3bthWPkbgAAIUCqbw (envelope-from ) for ; Tue, 29 Nov 2022 06:31:02 -0500 Received: from proxy18.mail.ord1d.rsapps.net ([172.30.191.6]) by director10.mail.ord1d.rsapps.net with LMTP id QJIwG3bthWPucQAApN4f7A (envelope-from ) for ; Tue, 29 Nov 2022 06:31:02 -0500 Received: from smtp27.gate.ord1d ([172.30.191.6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by proxy18.mail.ord1d.rsapps.net with LMTPS id gBiIG3bthWMRYQAATCaURg (envelope-from ) for ; Tue, 29 Nov 2022 06:31:02 -0500 X-Spam-Threshold: 95 X-Spam-Score: 0 X-Spam-Flag: NO X-Virus-Scanned: OK X-Orig-To: openvpnslackdevel@openvpn.net X-Originating-Ip: [216.105.38.7] Authentication-Results: smtp27.gate.ord1d.rsapps.net; iprev=pass policy.iprev="216.105.38.7"; spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net" smtp.helo="lists.sourceforge.net"; dkim=fail (signature verification failed) header.d=sourceforge.net; dkim=fail (signature verification failed) header.d=sf.net; dmarc=none (p=nil; dis=none) header.from=rfc2549.org X-Suspicious-Flag: YES X-Classification-ID: 4d38e3cc-6fd9-11ed-b45d-5254003773d7-1-1 Received: from [216.105.38.7] ([216.105.38.7:40092] helo=lists.sourceforge.net) by smtp27.gate.ord1d.rsapps.net (envelope-from ) (ecelerity 4.2.38.62370 r(:)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384) id FB/77-05938-57DE5836; Tue, 29 Nov 2022 06:31:01 -0500 Received: from [127.0.0.1] (helo=sfs-ml-1.v29.lw.sourceforge.com) by sfs-ml-1.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1ozyoz-0006wu-Cf; Tue, 29 Nov 2022 11:30:41 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-1.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1ozyox-0006wa-8s for openvpn-devel@lists.sourceforge.net; Tue, 29 Nov 2022 11:30:39 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-Id:Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=H5RoFrS6dOYxsRZQPUm+m4VRIPnQQB6QA51yKCwQPG0=; b=SNtio+jtHsodfpkjGvZJ2rtIx6 36uNGxKHhAnPHDcqzjiLK9f0llYBfzyMS7dGDOxZOxhQijClQ2JntwoRNJowDU+3R20HDoyKwENv/ l155laCrY49ZUEAppP+XxH3f4gBG7aqB9Tz6eVNghMGihQ1MJ3katravemD44wQBn47I=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-Id: Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=H5RoFrS6dOYxsRZQPUm+m4VRIPnQQB6QA51yKCwQPG0=; b=jJBO002RDjIk6Vv4gtdytw7gI5 1WqcYgWzI29E2zUEaqbVERAin14xrRJC45N1Ls7sow8gZDsVyVca0iLIgP49FVMXelb8ouL9AEWtP 0Z7/RsBtH6lMF2PPJdcmYBO23nWVLYWFOjQ/iRNJ3BvXOtwOe7/ABXLEZ1Vmb6sYLtRk=; Received: from mail.blinkt.de ([192.26.174.232]) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.95) id 1ozyow-00049B-En for openvpn-devel@lists.sourceforge.net; Tue, 29 Nov 2022 11:30:39 +0000 Received: from kamera.blinkt.de ([2001:638:502:390:20c:29ff:fec8:535c]) by mail.blinkt.de with smtp (Exim 4.95 (FreeBSD)) (envelope-from ) id 1ozyop-00043r-79 for openvpn-devel@lists.sourceforge.net; Tue, 29 Nov 2022 12:30:31 +0100 Received: (nullmailer pid 3735644 invoked by uid 10006); Tue, 29 Nov 2022 11:30:31 -0000 From: Arne Schwabe To: openvpn-devel@lists.sourceforge.net Date: Tue, 29 Nov 2022 12:30:31 +0100 Message-Id: <20221129113031.3735598-1-arne@rfc2549.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20221127203228.3543200-1-arne@rfc2549.org> References: <20221127203228.3543200-1-arne@rfc2549.org> MIME-Version: 1.0 X-Spam-Report: Spam detection software, running on the system "util-spamd-1.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: We expect a number of configuration to no longer work with OpenVPN 2.6 and OpenSSL 3.0. This section tries to explain the most common errors that will come up and how to work around them. Patch V2: several mistakes highlighed and suggestions made by Frank included. Content analysis details: (0.3 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.2 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail domains are different 0.0 SPF_NONE SPF: sender does not publish an SPF Record X-Headers-End: 1ozyow-00049B-En Subject: [Openvpn-devel] [PATCH v2] Add section about common error with OpenVPN 2.6 and OpenSSL 3.0 X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox We expect a number of configuration to no longer work with OpenVPN 2.6 and OpenSSL 3.0. This section tries to explain the most common errors that will come up and how to work around them. Patch V2: several mistakes highlighed and suggestions made by Frank included. Signed-off-by: Arne Schwabe Acked-By: Frank Lichtenheld --- Changes.rst | 93 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 93 insertions(+) diff --git a/Changes.rst b/Changes.rst index f316115f3..39d43a7f4 100644 --- a/Changes.rst +++ b/Changes.rst @@ -190,6 +190,99 @@ User-visible Changes software that enumerates interfaces, looking for "broadcast capable?" and expecting certain results. Normal uses should not see any difference. +- The default configuration will no longer allow connections to OpenVPN 2.3.x + peer or earlier, use the new ``--compat-mode`` option if you need + compatibility with older versions. See the manual page on the + ``--compat-mode`` for details. + +Common errors with OpenSSL 3.0 and OpenVPN 2.6 +---------------------------------------------- +Both OpenVPN 2.6 and OpenSSL 3.0 tighten the security considerable, so some +configuration will no longer work. This section will cover the most common +causes and error message we have seen and explain their reason and temporary +workarounds. You should fix the underlying problems as soon as possible since +these workaround are not secure and will eventually stop working in a future +update. + +- weak SHA1 or MD5 signature on certificates + + This will happen on either loading of certificates or on connection + to a server:: + + OpenSSL: error:0A00018E:SSL routines::ca md too weak + Cannot load certificate file cert.crt + Exiting due to fatal error + + OpenSSL 3.0 no longer allows weak signatures on certificates. You can + downgrade your security to allow them by using ``--tls-cert-profile insecure`` + but should replace/regenerate these certificates as soon as possible. + + +- 1024 bit RSA certificates, 1024 bit DH parameters, other weak keys + + This happens if you use private keys or other cryptographic material that + does not meet today's cryptographic standards anymore. Messages are similar + to:: + + OpenSSL: error:0A00018F:SSL routines::ee key too small + OpenSSL: error:1408518A:SSL routines:ssl3_ctx_ctrl:dh key too small + + DH parameters (``--dh``) can be regenerated with ``openssl dhparam 2048``. + For other cryptographic keys, these keys and certificates need to be + regenerated. TLS Security level can be temporarily lowered with + ``--tls-cert-profile legacy`` or even ``--tls-cert-profile insecure``. + +- Connecting to a OpenVPN 2.3.x server or allowing OpenVPN 2.3.x or earlier + clients + + This will normally result in messages like:: + + OPTIONS ERROR: failed to negotiate cipher with server. Add the server's cipher ('AES-128-CBC') to --data-ciphers (currently 'AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305') if you want to connect to this server. + + or + + client/127.0.0.1:49954 SENT CONTROL [client]: 'AUTH_FAILED,Data channel cipher negotiation failed (no shared cipher)' (status=1) + + You can manually add the missing cipher to the ``--data-ciphers``. The + standard ciphers should be included as well, e.g. + ``--data-ciphers AES-256-GCM:AES-128-GCM:?Chacha20-Poly1305:?AES-128-CBC``. + You can also use the ``--compat-mode`` option. Note that these message may + also indicate other cipher configuration problems. See the data channel + cipher negotiation manual section for more details. (Available online under + https://github.com/OpenVPN/openvpn/blob/master/doc/man-sections/cipher-negotiation.rst) + +- Use of a legacy or deprecated cipher (e.g. 64bit block ciphers) + + OpenSSL 3.0 no longer supports a number of insecure and outdated ciphers in + its default configuration. Some of these ciphers are known to be vulnerable (SWEET32 attack). + + This will typically manifest itself in messages like:: + + OpenSSL: error:0308010C:digital envelope routines::unsupported + Cipher algorithm 'BF-CBC' not found + Unsupported cipher in --data-ciphers: BF-CBC + + If your OpenSSL distribution comes with the legacy provider (see + also ``man OSSL_PROVIDER-legacy``), you can load the OpenSSL legacy provider + that contains the old algorithms. Use ``--providers legacy default`` to load + the OpenSSL legacy provider. + +- OpenVPN version not supporting TLS 1.2 or later + + The default in OpenVPN 2.6 and also in many distributions is now TLS 1.2 or + later. Connecting to a peer that does not support this will results in + messages like:: + + TLS error: Unsupported protocol. This typically indicates that client and + server have no common TLS version enabled. This can be caused by mismatched + tls-version-min and tls-version-max options on client and server. If your + OpenVPN client is between v2.3.6 and v2.3.2 try adding tls-version-min 1.0 + to the client configuration to use TLS 1.0+ instead of TLS 1.0 only + OpenSSL: error:0A000102:SSL routines::unsupported protocol + + This can be an OpenVPN 2.3.6 or earlier version. ``compat-version 2.3.0`` will + enable TLS 1.0 support if supported by the OpenSSL distribution. Note that + on some Linux distributions enabling TLS 1.1 or 1.0 is not possible. Overview of changes in 2.5 ==========================