Upcoming changes to OpenSSL may break some OpenVPN setups


jkbull...gmail.com

May 21, 2015, 1:04:16 AM
to tunnelbli...@googlegroups.com
The OpenSSL Blog announced yesterday that the next version of OpenSSL will have changes to help mitigate the Logjam vulnerability.

One change is that "OpenSSL clients will reject connections with DH parameters shorter than 768 bits."

Tunnelblick will be affected by this change because OpenVPN uses OpenSSL for encryption/decryption.

My understanding is that although Diffie-Hellman is not used in any keys on OpenVPN clients, the "dh" keys on OpenVPN servers are Diffie-Hellman keys. If they are shorter than 768 bits, the next version of OpenSSL will not negotiate a connection. The "dh" keys are currently generated by OpenSSL, by default, to be 2048 bits long, so recently generated keys are OK, but older keys could be shorter than 768 bits, depending on how long ago they were made.

The blog post also mentioned that they will have "a keen eye out to raising the limit to 1024 bits soon". So if your "dh" keys are shorter than 1024 bits, a future update to OpenSSL will probably make them fail.

In the past, Tunnelblick has updated to use new versions of OpenSSL shortly after they become available, and I expect that to continue, so the next release of Tunnelblick may contain an updated OpenSSL and cause problems if your Diffie-Hellman keys are too short.

So if your server "dh" keys are short, update them to be 1024 (or preferably 2048) bits long. If you do this now, with the current release of Tunnelblick (3.5.0), then people using your configurations will have a smooth upgrade to the next version of Tunnelblick.

bhall

May 21, 2015, 11:28:20 AM
to tunnelbli...@googlegroups.com
What's the easiest way to find out the length of your DH key?

Nikolay Krasnoyarsky

May 21, 2015, 11:34:51 AM
to tunnelbli...@googlegroups.com
Hi there!

The easiest way to find it is use
openssl dhparam -in <DH_file.pem> -text -noout


jkbull...gmail.com

May 21, 2015, 11:43:09 AM
to tunnelbli...@googlegroups.com, nkrasn...@griddynamics.com, nkrasn...@griddynamics.com, bhal...@gmail.com
Thanks, Nikolay.

Keep in mind that the DH key is only on the server, not the client. So if you don't control the server, you have no access to the DH key.

Also, the DH key is usually named with the size as part of the name. So "dh1024.pem" indicates it is 1024 bits, and "dh2048.pem" indicates it is 2048 bits.

Although OpenSSL will change to requiring a larger key size, the answer by Tom Leek in this discussion indicates that the "size" is not the only thing that determines how secure the key is, so keep that in mind, too.


bhall

May 21, 2015, 3:58:58 PM
to tunnelbli...@googlegroups.com
Cool, thanks for the quick reply, Nikolay. All set with a 2048-bit DH key! Woo hoo!

jr

May 22, 2015, 8:49:27 AM
to tunnelbli...@googlegroups.com
Any reason to go for 2048 vs 1024? Isn't there a point of diminishing returns beyond a 1024-bit key?

philipp...@gmail.com

Jun 23, 2015, 6:41:17 AM
to tunnelbli...@googlegroups.com
How can a new DH be created with retaining the old Cert and Key files?

jkbull...gmail.com

Jun 23, 2015, 7:09:44 AM
to tunnelbli...@googlegroups.com, philipp...@gmail.com, philipp...@gmail.com
(A) Create the new DH key but don't create the other keys, or (B) create all the keys and then only use the DH key.

If you used easy-rsa to generate your original keys, do so again. If your keys were created some other way, then I can't help.

To use easy-rsa to generate a new DH key:
  1. Follow the instructions at Setting up your own Certificate Authority (CA) and generating certificates and keys for an OpenVPN server and multiple clients. Assuming you did this to get your original set of certificates and keys, you only change one line in the "vars" file: the "export KEY_SIZE" line.

  2. Copy only the new DH key file to the appropriate place on your server (I have no idea where that is, it depends on how you have your server set up), without copying any other files.

For more help on this, please contact the OpenVPN Users Forum or the OpenVPN Users Mailing List; they are the experts in easy-rsa.

jkbull...gmail.com

Jun 23, 2015, 7:12:20 AM
to tunnelbli...@googlegroups.com, jkbu...@gmail.com, philipp...@gmail.com
You can get a Terminal window open to the easy-rsa directory using the "Open easy-rsa in Terminal" button on the "Utilities" panel of Tunnelblick's "VPN Details…" window. However, it may not be the same copy of easy-rsa that you originally used to create the keys – it depends on how you created the keys originally.