OpenVPN fails to start/connect: OpenSSL: error:0A00018E:SSL routines::ca md too weak

Bug #1968629 reported by Marcus Sundman
This bug report is a duplicate of: Bug #1975574: OpenSSL 3.0 support in OpenVPN 2.5.
This bug affects 3 people
Affects: openvpn (Ubuntu) | Status: Triaged | Importance: High | Assigned to: Unassigned | Milestone: (none)

Bug Description

After upgrading to jammy OpenVPN doesn't work anymore. The error message just says "VPN connection 'myvpn' failed to activate." and that the VPN service has stopped. Replacing openvpn 2.5.5 with 2.5.1 from impish it works again.

ProblemType: Bug
DistroRelease: Ubuntu 22.04
Package: openvpn 2.5.5-1ubuntu3
ProcVersionSignature: Ubuntu 5.15.0-25.25-generic 5.15.30
Uname: Linux 5.15.0-25-generic x86_64
ApportVersion: 2.20.11-0ubuntu80
Architecture: amd64
CasperMD5CheckResult: unknown
CurrentDesktop: KDE
Date: Tue Apr 12 00:45:42 2022
InstallationDate: Installed on 2013-11-27 (3057 days ago)
InstallationMedia: Ubuntu 13.10 "Saucy Salamander" - Release amd64 (20131016.1)
SourcePackage: openvpn
UpgradeStatus: No upgrade log present (probably fresh install)

Revision history for this message
Marcus Sundman (sundman) wrote :
Lucas Kanashiro (lucaskanashiro) wrote :

Hi Marcus,

Thanks for taking the time to file this bug and trying to make Ubuntu better.

With the information you provided it is hard to predict what is happening in your system. Could you share any information/config files/steps to reproduce this issue? Otherwise we cannot act on this bug.

I am setting the status of this bug to Incomplete; once you provide more information, set it back to New and we will take a look again.

Changed in openvpn (Ubuntu):
status: New → Incomplete
Marcus Sundman (sundman) wrote (last edit ):

Obviously I can't give you credentials to our VPN, but what other information (besides the already attached files) would be useful? I'll upload the part of syslog where I connect successfully with impish openvpn and when I try to connect unsuccessfully with jammy openvpn. Maybe that helps.

Marcus Sundman (sundman) wrote :
Marcus Sundman (sundman) wrote :
Changed in openvpn (Ubuntu):
status: Incomplete → New
Sergio Durigan Junior (sergiodj) wrote :

Thank you for providing further info, Marcus. This is exactly what we needed in order to continue the investigation.

The following line from the Jammy log file caught my attention:

Apr 13 00:50:01 slim nm-openvpn[3337388]: OpenSSL: error:0A00018E:SSL routines::ca md too weak

This is the reason OpenVPN is failing to connect. This error happens because OpenSSL 3.0 (which is the default OpenSSL version in Jammy) now rejects certificates generated with legacy cryptographic algorithms, which seems to be what you have there. See:

https://wiki.openssl.org/index.php/OpenSSL_3.0#Legacy_Algorithms

The recommended fix for this issue is to regenerate your certificates using stronger ciphers. There are other workarounds available, but they are unsafe and IMHO shouldn't be used in production. I am leaving a few links here that contain interesting discussions about this error:

https://www.snbforums.com/threads/default-openvpn-server-no-longer-works-with-openssl-3.75192/
https://github.com/openssl/openssl/issues/16650
https://forums.openvpn.net/viewtopic.php?t=23979 (old, but seems to be still applicable)

Having said all that, it looks very much like this is a local configuration issue rather than a bug in the package, so I am marking the bug as Incomplete again. If you still believe this is a problem with openvpn, please mark this bug as New and provide a rationale for us.

Thanks.

Changed in openvpn (Ubuntu):
status: New → Incomplete
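As an added example (not from this bug report or the OpenVPN project): a dependency-free Python check that reads the signatureAlgorithm OID out of a PEM CA certificate, so an admin can confirm whether the CA in an OpenVPN config is MD5- or SHA-1-signed before blaming the package. The OID table is deliberately small, and the sample certificate is constructed inside the block with dummy contents; `ca_md_too_weak()` can be pointed at the real `ca` file from the .ovpn to check it.

```python
import base64

# Signature-algorithm OIDs (RFC 3279 / RFC 4055) mapped to their names; partial table.
SIG_OIDS = {
    "1.2.840.113549.1.1.4": "md5WithRSAEncryption",
    "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
    "1.2.840.113549.1.1.11": "sha256WithRSAEncryption",
}
# Digests OpenSSL 3.0 rejects at its default security level ("ca md too weak").
WEAK_DIGESTS = {"md5WithRSAEncryption", "sha1WithRSAEncryption"}

def _tlv(buf, pos):  # decode one DER tag-length-value at pos -> (tag, value, next_pos)
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length: low bits give the number of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def _decode_oid(raw):  # DER OID content octets -> dotted form, e.g. 1.2.840.113549.1.1.5
    arcs, value = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def signature_algorithm(pem):
    """Name of the signatureAlgorithm in a PEM X.509 certificate (dotted OID if unknown)."""
    body = "".join(ln.strip() for ln in pem.splitlines() if ln and not ln.startswith("-----"))
    _, cert, _ = _tlv(base64.b64decode(body), 0)  # Certificate ::= SEQUENCE { ... }
    _, _, pos = _tlv(cert, 0)                       # skip tbsCertificate
    _, alg_id, _ = _tlv(cert, pos)                  # signatureAlgorithm AlgorithmIdentifier
    _, oid, _ = _tlv(alg_id, 0)                     # algorithm OBJECT IDENTIFIER
    return SIG_OIDS.get(_decode_oid(oid), _decode_oid(oid))

def ca_md_too_weak(pem):  # True if OpenSSL 3.0's default level rejects this CA's digest
    return signature_algorithm(pem) in WEAK_DIGESTS

def _der(tag, content):  # minimal encoder, only used to build the CONSTRUCTED sample
    n = len(content)
    return bytes([tag]) + (bytes([n]) if n < 0x80 else bytes([0x81, n])) + content

def sample_cert(oid_octets):
    """CONSTRUCTED stand-in with dummy tbsCertificate/signature; not a real CA cert."""
    alg_id = _der(0x30, _der(0x06, oid_octets) + _der(0x05, b""))  # OID + NULL params
    der = _der(0x30, _der(0x30, b"\x02\x01\x01") + alg_id + _der(0x03, b"\x00\xAA"))
    return "-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n" % base64.b64encode(der).decode()

SHA1_RSA_OID = b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05"    # 1.2.840.113549.1.1.5
SHA256_RSA_OID = b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b"  # 1.2.840.113549.1.1.11
```

`openssl x509 -in ca.crt -noout -text | grep 'Signature Algorithm'` gives the same answer on a box that already has OpenSSL; the script is for environments where you only have the .ovpn file and Python.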
Arne Schwabe (arneschwabe) wrote :

To make this configuration work with OpenSSL 3.0 and OpenVPN you need

 tls-cert-profile insecure

which is not included in OpenVPN 2.5.5 in Ubuntu. The upstream commit is

https://github.com/OpenVPN/openvpn/commit/7b1b100557608db8a311d06f7578ceb7c4d33aa6

Paride Legovini (paride) wrote :

Thanks Arne for chiming in and for pointing at that patch, which according to [1] has been tested against Ubuntu 22.04 already.

I was worried that introducing a patch in Ubuntu could possibly downgrade the OpenVPN security standards, but I see that the same change landed in the master branch [2], so we're going to ship it with the next Ubuntu releases anyway (as part of newer OpenVPN releases), so I think it's safe to include after all.

[1] https://<email address hidden>/msg24273.html
[2] https://github.com/OpenVPN/openvpn/commit/23efeb7a0bd9e0a6d997ae6e77e0e04170da3e67

summary: - OpenVPN fails to start/connect
+ OpenVPN fails to start/connect: OpenSSL: error:0A00018E:SSL routines::ca
+ md too weak
tags: added: server-next
Changed in openvpn (Ubuntu):
status: Incomplete → Triaged
importance: Undecided → High
Bryce Harrington (bryce) wrote :

Attached is the patch in question (untested).

Like Paride and Sergio, I also think the ideal fix is for users to improve their certificates with stronger ciphers, but presumably they have no admin authority on the systems they're connecting to, so they don't really have that option. However, this patch just adds an option to work around the situation, and as Paride points out this is upstream as of May 4th, and thus may already be in the 2.6.0~git20220518+dco-2ubuntu1 version currently in kinetic-proposed, so it may indeed be viable for SRU consideration.

Anyone have a guess as to how widespread these outdated VPN certs are? Knowing that would help inform the severity to communicate in the SRU Impact statement.

Bryce Harrington (bryce) wrote :

Also, if anyone can suggest a paint-by-numbers way to reproduce this issue and test the fix, that would help in getting the SRU crafted and accepted for release.

tags: added: patch
Lucas Kanashiro (lucaskanashiro) wrote :

This and other fixes related to OpenSSL 3 were reported by the OpenVPN upstream maintainer here:

https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/1975574

We will try to backport all the mentioned patches to Jammy.

Robie Basak (racb)
tags: added: server-todo
removed: server-next
Changed in openvpn (Ubuntu):
assignee: nobody → Sergio Durigan Junior (sergiodj)
Christian Ehrhardt (paelzer) wrote :

Let us try to prep all the ssl3 changes that got found.

Changed in openvpn (Ubuntu):
assignee: Sergio Durigan Junior (sergiodj) → nobody