This seems to have been caused by the patch 0180-Stop-accepting- certificates-signed-using-SHA1-at-sec.patch.
I've re-built 1.1.1c-1ubuntu4 (apt source openssl; cd openssl1.1.1c; dpkg-buildpackage --no-sign; sudo apt install ../libssl1.1_1.1.1c- 1ubuntu4_amd64.deb), which makes my VPN work again. I've tried putting different things into /etc/ssl/openssl.conf, but `CipherString = DEFAULT:@SECLEVEL=0` (or any variation I can think of) makes it work. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1866611 Title: OpenVPN w. SHA1 signed CA broken after upgrade to 1.1.1d-2ubuntu6 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1866611/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
