1.8.2 and older VPN keys broken

Got a problem with Viscosity or need help? Ask here!

davidandreasen

Posts: 1
Joined: Thu Nov 21, 2019 1:37 am

Post by davidandreasen » Thu Nov 21, 2019 1:43 am
Hello,

One of our users upgraded to Viscosity 1.8.2 and now his certificate is no longer accepted by Viscosity. The error we get in the log says
Code: Select all
Nov 18 10:41:58 AM: Server reachable. Connecting to 54.224.78.184:1194:udp.
Nov 18 10:41:58 AM: WARNING: --ns-cert-type is DEPRECATED.  Use --remote-cert-tls instead.
Nov 18 10:41:59 AM: OpenSSL: error:140AB18E:SSL routines:SSL_CTX_use_certificate:ca md too weak
Nov 18 10:41:59 AM: Exiting due to fatal error
Nov 18 10:41:59 AM: Cannot load certificate file C:\Users\user\AppData\Roaming\Viscosity\OpenVPN\2\user.crt
My research indicated that we need to update the VPN keys to use a supported hashing algorithm. That is in the works (it is non trivial with hundreds of users). Is there a way to get Viscosity 1.8.2 to accept our current keys until we have our new OpenVPN server in place?

Thanks a bunch!

Dave

James

User avatar
Posts: 1973
Joined: Thu Sep 04, 2008 9:27 pm

Post by James » Thu Nov 21, 2019 10:43 am
Hi Dave,

You can try the temporary fix listed in the following forum post, however please note we haven't tested it for local certificates:
https://www.sparklabs.com/forum/viewtopic.php?f=3&t=2781#p8426

Cheers,
James
James Bekkema
Viscosity Developer

Web: http://www.sparklabs.com
Support: http://www.sparklabs.com/support
Twitter: http://twitter.com/sparklabs
2 posts Page 1 of 1