auth sha512

Got a problem with Viscosity or need help? Ask here!

existenz

Posts: 4
Joined: Mon Oct 19, 2009 11:11 pm

Post by existenz » Mon Oct 19, 2009 11:19 pm
Hello,

I would like to use sha512 algorithm, so I configured viscosity with :
auth SHA512

However I got the foolowing error in my logs :
Message hash algorithm 'SHA512' not found (Openssl)

I check my openssl version (snow leopard), and it seems SHA512 is well supported :
$> /usr/bin/openssl version
OpenSSL 0.9.8k 25 Mar 2009

$> /usr/bin/openssl dgst -sha512 SOMEFILE
SOME DIGEST

So I'm wondering if openvpn binary viscosity used is statically compiled with older version of openssl ?
Is there a way to get auth SHA512 works ?

Thx

James

User avatar
Posts: 2313
Joined: Thu Sep 04, 2008 9:27 pm

Post by James » Mon Oct 26, 2009 9:37 am
Hi existenz,

Viscosity 1.0.6 is built against the version of OpenSSL that ships with Leopard (an older version, and Apple do restrict what algorithms are available).

The latest beta (1.0.7b4) is built under Snow Leopard, so you're welcome to give that a try. 1.0.7b4 is the first build under Snow Leopard, so it still requires some heavy testing.

Alternatively you can replace the OpenVPN binary that ships with Viscosity with your own version that has been built against a different OpenSSL release. The binary is located at Viscosity.app/Contents/Resources/openvpn2.1

Cheers,
James
Web: https://www.sparklabs.com
Support: https://www.sparklabs.com/support
Twitter: https://twitter.com/sparklabs

steelhands

Posts: 1
Joined: Mon Oct 26, 2009 4:33 pm

Post by steelhands » Mon Oct 26, 2009 4:36 pm
The latests beta (1.0.7b4) still has a very limited set of digests available. Nothing new here.

Please try to 'fix' this soon...

thanks.
Code: Select all
yyyyyyy:~ xxxxx$ /Applications/Viscosity.app/Contents/Resources/openvpn2.1 --show-digests
The following message digests are available for use with
OpenVPN.  A message digest is used in conjunction with
the HMAC function, to authenticate received packets.
You can specify a message digest as parameter to
the --auth option.

MD2 128 bit digest size
MD5 128 bit digest size
RSA-MD2 128 bit digest size
RSA-MD5 128 bit digest size
SHA 160 bit digest size
RSA-SHA 160 bit digest size
SHA1 160 bit digest size
RSA-SHA1 160 bit digest size
DSA-SHA 160 bit digest size
DSA-SHA1-old 160 bit digest size
MDC2 128 bit digest size
RSA-MDC2 128 bit digest size
DSA-SHA1 160 bit digest size
RSA-SHA1-2 160 bit digest size
DSA 160 bit digest size
RIPEMD160 160 bit digest size
RSA-RIPEMD160 160 bit digest size
MD4 128 bit digest size
RSA-MD4 128 bit digest size

yyyyyyy:~ xxxxx$ 

James

User avatar
Posts: 2313
Joined: Thu Sep 04, 2008 9:27 pm

Post by James » Sun Nov 01, 2009 6:42 am
The latest beta is now statically-linked against a custom build of OpenSSL (rather than dynamically linked to Apple's version). Please give it a try and see how it goes. Currently it has only been tested under Mac OS 10.6.1, and still requires testing under Mac OS 10.5 and PowerPC.

The beta can be downloaded at:
http://www.viscosityvpn.com/forum/viewt ... p=134#p134
Code: Select all
The following message digests are available for use with
OpenVPN.  A message digest is used in conjunction with
the HMAC function, to authenticate received packets.
You can specify a message digest as parameter to
the --auth option.

MD2 128 bit digest size
MD5 128 bit digest size
RSA-MD2 128 bit digest size
RSA-MD5 128 bit digest size
SHA 160 bit digest size
RSA-SHA 160 bit digest size
SHA1 160 bit digest size
RSA-SHA1 160 bit digest size
DSA-SHA 160 bit digest size
DSA-SHA1-old 160 bit digest size
DSA-SHA1 160 bit digest size
RSA-SHA1-2 160 bit digest size
DSA 160 bit digest size
RIPEMD160 160 bit digest size
RSA-RIPEMD160 160 bit digest size
MD4 128 bit digest size
RSA-MD4 128 bit digest size
ecdsa-with-SHA1 160 bit digest size
RSA-SHA256 256 bit digest size
RSA-SHA384 384 bit digest size
RSA-SHA512 512 bit digest size
RSA-SHA224 224 bit digest size
SHA256 256 bit digest size
SHA384 384 bit digest size
SHA512 512 bit digest size
SHA224 224 bit digest size
Code: Select all
The following ciphers and cipher modes are available
for use with OpenVPN.  Each cipher shown below may be
used as a parameter to the --cipher option.  The default
key size is shown as well as whether or not it can be
changed with the --keysize directive.  Using a CBC mode
is recommended.

DES-CFB 64 bit default key (fixed)
DES-CBC 64 bit default key (fixed)
IDEA-CBC 128 bit default key (fixed)
IDEA-CFB 128 bit default key (fixed)
RC2-CBC 128 bit default key (variable)
RC2-CFB 128 bit default key (variable)
RC2-OFB 128 bit default key (variable)
DES-EDE-CBC 128 bit default key (fixed)
DES-EDE3-CBC 192 bit default key (fixed)
DES-OFB 64 bit default key (fixed)
IDEA-OFB 128 bit default key (fixed)
DES-EDE-CFB 128 bit default key (fixed)
DES-EDE3-CFB 192 bit default key (fixed)
DES-EDE-OFB 128 bit default key (fixed)
DES-EDE3-OFB 192 bit default key (fixed)
DESX-CBC 192 bit default key (fixed)
BF-CBC 128 bit default key (variable)
BF-CFB 128 bit default key (variable)
BF-OFB 128 bit default key (variable)
RC2-40-CBC 40 bit default key (variable)
CAST5-CBC 128 bit default key (variable)
CAST5-CFB 128 bit default key (variable)
CAST5-OFB 128 bit default key (variable)
RC2-64-CBC 64 bit default key (variable)
AES-128-CBC 128 bit default key (fixed)
AES-128-OFB 128 bit default key (fixed)
AES-128-CFB 128 bit default key (fixed)
AES-192-CBC 192 bit default key (fixed)
AES-192-OFB 192 bit default key (fixed)
AES-192-CFB 192 bit default key (fixed)
AES-256-CBC 256 bit default key (fixed)
AES-256-OFB 256 bit default key (fixed)
AES-256-CFB 256 bit default key (fixed)
AES-128-CFB1 128 bit default key (fixed)
AES-192-CFB1 192 bit default key (fixed)
AES-256-CFB1 256 bit default key (fixed)
AES-128-CFB8 128 bit default key (fixed)
AES-192-CFB8 192 bit default key (fixed)
AES-256-CFB8 256 bit default key (fixed)
DES-CFB1 64 bit default key (fixed)
DES-CFB8 64 bit default key (fixed)
Cheers,
James
Web: https://www.sparklabs.com
Support: https://www.sparklabs.com/support
Twitter: https://twitter.com/sparklabs
4 posts Page 1 of 1