
Linux Mint 21

Successfully installed openvpn.

OpenVPN 2.5.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Mar 22 2022

openssl version -a
OpenSSL 1.1.1q  5 Jul 2022
built on: Mon Aug 15 08:08:28 2022 UTC
platform: linux-x86_64
options:  bn(64,64) rc4(16x,int) des(int) idea(int) blowfish(ptr)
compiler: gcc -fPIC -pthread -m64 -Wa,--noexecstack -Wall -O3 -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DNDEBUG
OPENSSLDIR: "/usr/local/ssl"
ENGINESDIR: "/usr/local/lib/engines-1.1"
Seeding source: os-specific

Now I want to connect to a remote setup via openvpn.

sudo openvpn Leo.ovpn 

but I get this error:

2022-08-15 09:29:10 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
2022-08-15 09:29:10 --cipher is not set. Previous OpenVPN version defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback BF-CBC' to your configuration and/or add BF-CBC to --data-ciphers.
2022-08-15 09:29:10 WARNING: file 'client.key' is group or others accessible
2022-08-15 09:29:10 OpenVPN 2.5.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Mar 22 2022
2022-08-15 09:29:10 library versions: OpenSSL 3.0.2 15 Mar 2022, LZO 2.10
2022-08-15 09:29:10 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
2022-08-15 09:29:10 OpenSSL: error:0A00018E:SSL routines::ca md too weak
2022-08-15 09:29:10 Cannot load certificate file client.crt
2022-08-15 09:29:10 Exiting due to fatal error

P.S. I checked the folder. The files client.crt and ca.crt exist.

sudo openssl x509 -text -in ca.crt
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            d5:a0:93:fa:24:35:4d:95

...

Alexei

5 Answers

Ubuntu 22.04.1 LTS

Just as said above, add this

tls-cipher "DEFAULT:@SECLEVEL=0"

to your VPN client config (not openssl.cnf); mine looks like this (example):

client
tls-client
ca vpnname/ca.crt
cert vpnname/user.crt
key vpnname/user.key
tls-crypt vpnname/myvpn.tlsauth
proto udp
remote 1.1.1.1 1194 udp
dev tun
topology subnet
pull
user nobody
group nogroup
script-security 2
tls-cipher "DEFAULT:@SECLEVEL=0"
#up /etc/openvpn/vpnname/up.sh
#down /etc/openvpn/vpnname/down.sh

UPDATE about NetworkManager

As people said in the comments, for NetworkManager openvpn you need to add

tls-cipher=DEFAULT:@SECLEVEL=0

inside your /etc/NetworkManager/system-connections/name-of-your-openvpn.nmconnection, in the [vpn] section, and then restart NetworkManager:

sudo systemctl restart NetworkManager


The answer is in the error messages (error:0A00018E:SSL routines::ca md too weak). OpenSSL refuses to use the CA certificate because certain parameters are considered insecure nowadays. This could be caused by the certificate using MD5 or SHA1 for signing.

You should regenerate your CA and certificates with secure hash algorithms for the signature, as your currently used hash algorithms are not considered secure anymore.

There is a workaround available by adding the following to your openssl.cnf:

tls-cipher "DEFAULT:@SECLEVEL=0"

Another workaround is available since OpenVPN 2.6.0:

OpenSSL 3.0 support

OpenSSL 3.0 has been added. Most of OpenSSL 3.0 changes are not user visible but improve general compatibility with OpenSSL 3.0. --tls-cert-profile insecure has been added to allow selecting the lowest OpenSSL security level (not recommended, use only if you must). OpenSSL 3.0 no longer supports the Blowfish (and other deprecated) algorithm by default and the new option --providers allows loading the legacy provider to re-enable these algorithms.

0xC0000022L
mtak

Given:

Linux Mint 21
OpenVPN 2.5.5, Mar 22 2022
OpenSSL 3.0.2, 15 Mar 2022

I fixed the problem:

I installed openvpn ver. 2.4.7 and now there is no error.

OpenVPN 2.4.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Aug 15 2022
library versions: OpenSSL 1.1.1q  5 Jul 2022, LZO 2.10

OpenSSL 1.1.1q  5 Jul 2022

Alexei

Note that although changing the ovpn configuration is a working workaround, it might not be the best solution. SHA1 has a low level of security even with long keys (SHA-1 is considered to have less than 80 bits of security for digital signatures). See: Recommendation for Key Management, NIST Special Publication 800-57 Part 1, NIST, May 2020.

Modify CA/certificate

What you should do is change openssl.cnf you use to sign and generate certificates.

[CA_default]
# ...
default_md = sha256
# ...

[ req ]
default_bits = 2048

Generating a certificate with the above settings should be indicated in the crt/pem file like so:

Signature Algorithm: sha256WithRSAEncryption
[...]
RSA Public-Key: (2048 bit)

All this might be a bit of work depending on how many certificates you have.

Workaround

So as a workaround you can add a security level of 0 in *.ovpn (on the client side):

tls-cipher "DEFAULT:@SECLEVEL=0"

Note that SECLEVEL=0 means any algorithm is allowed (security levels info).

This workaround might be fine depending on how you are using the certificates (e.g. for local tests or public-facing stuff), how big of a target you are... and what other layers of security you have.

Nux
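Before editing any ovpn file it helps to know which of your certificates OpenSSL 3 will actually refuse, and at which security level. The script below is an added example, not code from this thread or from the OpenVPN/OpenSSL projects. It parses `openssl x509 -text` output and reports the highest @SECLEVEL that would still accept the certificate. Assumptions: the per-level floors (80/112/128/192/256 bits) come from SSL_CTX_set_security_level(3); the ratings it gives SHA1 and MD5 signatures (63 and 39 bits, below the level-1 floor) are taken from OpenSSL 3.0's crypto/x509/x509_set.c, and other digests count half their output size; RSA key strength uses the NIST SP 800-57 Part 1 step table that the answer above cites. The two certificate dumps are constructed samples, and `audit_file` is a helper of mine that shells out to a real openssl binary.

```python
"""Predict OpenSSL 3 "ca md too weak" / "key too small" rejections from an
`openssl x509 -text` dump, before you touch tls-cipher or @SECLEVEL."""
import re
import subprocess

# Minimum security strength (bits) OpenSSL requires at each @SECLEVEL,
# per SSL_CTX_set_security_level(3). Level 1 is the OpenSSL 3 default.
SECLEVEL_MIN_BITS = {0: 0, 1: 80, 2: 112, 3: 128, 4: 192, 5: 256}

# Strength OpenSSL 3.0 attributes to a certificate's signature digest.
# Assumption (from OpenSSL 3.0 crypto/x509/x509_set.c): SHA1 and MD5 are
# deliberately rated below the 80-bit floor of level 1; other digests
# count half their output length.
DIGEST_BITS = {"md5": 39, "sha1": 63, "sha224": 112, "sha256": 128,
               "sha384": 192, "sha512": 256}


def key_security_bits(algorithm, key_bits):
    """Comparable-strength estimate for the subject public key.

    RSA uses the NIST SP 800-57 Part 1 step table (an approximation of
    OpenSSL's own formula, exact at the standard sizes); EC keys give
    roughly half their field size.
    """
    if algorithm == "id-ecPublicKey":
        return key_bits // 2
    for modulus, strength in ((15360, 256), (7680, 192), (3072, 128),
                              (2048, 112), (1024, 80)):
        if key_bits >= modulus:
            return strength
    return 0


def parse_cert_text(text):
    """Extract signature algorithm and public-key facts from `openssl x509
    -text` output. Both the 1.1.1 "RSA Public-Key:" and the 3.x
    "Public-Key:" spellings are accepted."""
    sig = re.search(r"Signature Algorithm:\s*(\S+)", text)
    alg = re.search(r"Public Key Algorithm:\s*(\S+)", text)
    bits = re.search(r"Public-Key:\s*\((\d+) bit\)", text)
    if not (sig and alg and bits):
        raise ValueError("not a recognisable `openssl x509 -text` dump")
    digest = re.search(r"md5|sha1|sha224|sha256|sha384|sha512",
                       sig.group(1), re.IGNORECASE)
    return {
        "signature": sig.group(1),
        "digest": digest.group(0).lower() if digest else None,
        "key_algorithm": alg.group(1),
        "key_bits": int(bits.group(1)),
    }


def assess(info):
    """Return the strongest @SECLEVEL that still accepts the certificate,
    its effective strength, and the reasons a stricter level refuses it."""
    findings = []
    if info["digest"] is None:
        sig_bits = 0
        findings.append(f"unrecognised signature digest in {info['signature']}")
    else:
        sig_bits = DIGEST_BITS.get(info["digest"], 0)
    key_bits = key_security_bits(info["key_algorithm"], info["key_bits"])
    overall = min(sig_bits, key_bits)
    max_level = max(level for level, floor in SECLEVEL_MIN_BITS.items()
                    if overall >= floor)
    if sig_bits < SECLEVEL_MIN_BITS[1]:
        findings.append(f"signature digest {info['digest']} counts as {sig_bits} "
                        "bits: refused at the default level 1 (the question's "
                        "'ca md too weak' case) - re-sign with sha256 or better")
    if key_bits < SECLEVEL_MIN_BITS[1]:
        findings.append(f"{info['key_algorithm']} key of {info['key_bits']} bits "
                        f"counts as {key_bits} bits: refused at level 1")
    return {"max_seclevel": max_level, "security_bits": overall,
            "findings": findings}


def audit_file(path):
    """Run the real openssl binary on a certificate file and assess it
    (hypothetical helper; requires openssl on PATH)."""
    dump = subprocess.run(["openssl", "x509", "-noout", "-text", "-in", path],
                          check=True, capture_output=True, text=True).stdout
    return assess(parse_cert_text(dump))


# Constructed sample dumps, trimmed to the lines the parser needs.
WEAK_CA_TEXT = """\
Certificate:
    Data:
        Version: 3 (0x2)
    Signature Algorithm: sha1WithRSAEncryption
        Issuer: CN = Example VPN CA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (1024 bit)
"""

GOOD_CA_TEXT = """\
Certificate:
    Data:
        Version: 3 (0x2)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN = Example VPN CA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
"""

if __name__ == "__main__":
    for name, text in (("weak", WEAK_CA_TEXT), ("good", GOOD_CA_TEXT)):
        print(name, assess(parse_cert_text(text)))
```

Run it as-is to see both samples, or call audit_file("ca.crt") against a real file. A certificate that comes back with max_seclevel 0 is exactly the one that needs SECLEVEL=0 in the ovpn file to be loaded at all; once the CA is re-issued with sha256 and a 2048-bit key it reports level 2, so the default OpenSSL 3 level 1 accepts it with margin to spare.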

The problem is described in the article Ubuntu 22.04 OpenSSL error fixing:

Ubuntu and Xubuntu 22.04 moved to OpenSSL 3.0. This is causing errors (0A00018E:SSL routines::ca md too weak) with Wifi and other internet connections. This is because OpenSSL 3.0 considers MD5 and SHA1 hash Algorithms used on old CA certificates invalid.

Although the article is for Ubuntu, it probably also applies to the latest Linux Mint.

This article proposes the following solutions:

Solution 1: If you are using Wi-Fi or a VPN and you are getting the error, then the immediate solution is to renew your key pairs to be compatible with OpenSSL 3. This is because OpenSSL 3 which is used by default in Ubuntu 22.04 does not accept SHA1 algorithm. Learn more about OpenSSL 3.0.

Solution 2: Install OpenSSL 3. Here is a guide on how to install OpenSSL 3 on Ubuntu 22.04.

Solution 3: If you are facing a problem with SSH, then make sure that you have selectively enabled it as it is disabled by default in OpenSSH.

NOTE: Third-party packages that use libssl1.1 will also need to be upgraded to libssl3.

harrymc