On 08/08/17 20:34, Leonardo Rodrigues wrote:
>
> You very likely created your certificates with MD5 hashing, which
> was disabled on newer OpenSSL versions of CentOS.
>
> Try:
>
> export NSS_HASH_ALG_SUPPORT=+MD5
> export OPENSSL_ENABLE_MD5_VERIFY=1
>
> before starting your OpenVPN daemon and watch if that makes clients
> connect again ...

DON'T DO THAT.

MD5-based certificates are broken. If you still use them, upgrade them NOW.
And this knowledge about the brokenness dates back to 2005.

<http://eprint.iacr.org/2005/067.pdf>
<http://eprint.iacr.org/2005/102.pdf>

Anyone who uses MD5 and re-enables it in the SSL libraries will put their
VPN's security at risk.

--
kind regards,

David Sommerseth
OpenVPN Technologies, Inc
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users