Upcoming changes to OpenSSL may break some OpenVPN setups

[jkbull..gmail.com]

The OpenSSL Blog announced yesterday that the next version of OpenSSL will have changes to help mitigate the Logjam vulnerability.

One change is that "OpenSSL clients will reject connections with DH parameters shorter than 768 bits."

Tunnelblick will be affected by this change because OpenVPN uses OpenSSL for encryption/decryption.

My understanding is that although Diffie-Hellman is not used in any keys on OpenVPN clients, the "dh" keys on OpenVPN servers are Diffie-Hellman keys. If they are shorter than 768 bits, the next version of OpenSSL will not negotiate a connection. The "dh" keys are currently generated by OpenSSL default to be 2048 bits long, so recently generated keys are OK, but older keys could be shorter than 768 bits, depending on how long ago they were made.

The blog post also mentioned that they will have "a keen eye out to raising the limit to 1024 bits soon". So if your "dh" keys are shorter than 1024 bits, a future update to OpenSSL will probably make them fail.

In the past, Tunnelblick has updated to use new versions of OpenSSL shortly after they become available, and I expect that to continue, so the next release of Tunnelblick my contain an updated OpenSSL and cause problems if your Diffie-Hellman keys are too short.

So if your server "dh" keys are short, update them to be 1024 (or preferably 2048) bits long. If you do this now, with the current release of Tunnelblick (3.5.0), then people using your configurations will have a smooth upgrade to the next version of Tunnelblick.

This announcement has also been made on a post on the Tunnelblick Discussion Group; please discuss it there.