On 08/08/17 20:34, Leonardo Rodrigues wrote:
> 
>     You very likely created your certificates with MD5 hashing, which
> was disabled on newer OpenSSL versions of CentOS.
> 
>     Try:
> 
> export NSS_HASH_ALG_SUPPORT=+MD5
> export OPENSSL_ENABLE_MD5_VERIFY=1
> 
>     before starting your OpenVPN daemon and watch if that makes clients
> connect again ...
DON'T DO THAT.

MD5-based certificates are broken.  If you still use them, upgrade them
NOW.  And this knowledge about the brokenness dates back to 2005.

<http://eprint.iacr.org/2005/067.pdf>
<http://eprint.iacr.org/2005/102.pdf>

Anyone who uses MD5 and re-enables it in the SSL libraries will put their
VPN's security at risk.


-- 
kind regards,

David Sommerseth
OpenVPN Technologies, Inc
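
An added example, not part of the original message or of OpenVPN's own tooling: a small audit script that finds which certificates in a directory are still MD5-signed, so they can be re-issued. The function names, the sample text and the `/etc/openvpn/keys` path are assumptions; `openssl x509` reads only the first certificate in each file.

```shell
#!/bin/sh
# Added example: flag certificates whose signature algorithm is MD5-based.

# Constructed excerpts of `openssl x509 -noout -text` output (not real certificates).
SAMPLE_MD5='Certificate:
    Data:
        Version: 3 (0x2)
    Signature Algorithm: md5WithRSAEncryption
        Issuer: CN=Example-CA'
SAMPLE_SHA256='Certificate:
    Data:
        Version: 3 (0x2)
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=Example-CA'

# Read `openssl x509 -noout -text` output on stdin, print the signature algorithm.
sig_alg_from_text() {
    awk '/Signature Algorithm:/ { print $3; exit }'
}

# Succeed (status 0) when the algorithm name is MD5-based.
is_md5_alg() {
    case "$(printf '%s' "$1" | tr 'A-Z' 'a-z')" in
        md5*) return 0 ;;
        *)    return 1 ;;
    esac
}

# Check one PEM file: status 0 = not MD5, 1 = MD5-signed, 2 = not parseable.
check_cert() {
    alg=$(openssl x509 -in "$1" -noout -text 2>/dev/null | sig_alg_from_text)
    if [ -z "$alg" ]; then echo "SKIP $1 (no certificate found)"; return 2; fi
    if is_md5_alg "$alg"; then echo "MD5  $1 ($alg): re-issue"; return 1; fi
    echo "ok   $1 ($alg)"
}

# Check every .crt/.pem in a directory; status 1 if any MD5-signed cert exists.
audit_dir() {
    rc=0
    for f in "$1"/*.crt "$1"/*.pem; do
        [ -f "$f" ] || continue
        check_cert "$f" || { [ $? -eq 1 ] && rc=1; }
    done
    return $rc
}

# Usage: sh check_md5_certs.sh /etc/openvpn/keys   (path is an assumption)
if [ $# -gt 0 ]; then audit_dir "$1"; fi
```

A non-zero exit status from `audit_dir` means at least one certificate in the directory needs to be replaced.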


_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users