OpenVPN Versions - what happened to 2.4 with LibreSSL?


jimbob

Mar 23, 2018, 7:32:19 AM
to tunnelblick-discuss
I'm on the latest Tunnelblick beta, 3.7.6beta02 (build 5030), and am trying to connect to a server that employs CHACHA20-POLY1305-SHA256 for the tls-cipher.
There used to be an option to use 2.4 with LibreSSL, which supports the chacha20-poly1305 negotiation. Where has that gone?

Now the only 2.4 option I am given is the option of OpenVPN 2.4.5 - OpenSSL 1.0.2n. All the other options are incompatible with the server I'm trying to connect to. The only way I can connect using LibreSSL is by using OpenVPN 2.3.18, but the config needs 2.4.

This didn't used to be the case, so what happened?

Can we re-introduce the option of the latest 2.4 branch using LibreSSL crypto library, or start supporting the OpenSSL 1.1.0 branch (latest is 1.1.0g, 1.1.0h is being released on Tuesday)? OpenSSL 1.1.0 supports chacha20-poly1305. The official OpenVPN 2.4.5 Windows build now ships with OpenSSL 1.1.0g as default, so this should definitely be bundled with Tunnelblick now as its support is official with 2.4.5.

Tunnelblick developer

Mar 23, 2018, 8:13:02 AM
to tunnelblick-discuss
There was a change in OpenVPN 2.4.5 which causes it (and the git master branch version) to not build/work with LibreSSL, so those combinations were not included. : (

The next beta version will support OpenSSL 1.0.2o and include the following:
  • OpenVPN 2.3.18 with OpenSSL 1.0.2o and LibreSSL 2.6.3
  • OpenVPN 2.4.5 with OpenSSL 1.0.2o and 1.1.0h
  • OpenVPN 2.5 from the Git master branch with OpenSSL 1.0.2o and 1.1.0h
A version of OpenVPN 2.5 from the Git master branch with LibreSSL 2.6.3 will be included if I can get it working, but having a version of OpenSSL 1.1 makes that less necessary.

The beta will be released sometime next week, after OpenSSL 1.0.2o and 1.1.0h are available. As you note, they are scheduled for release next Tuesday, 2018-03-27 and the OpenSSL folks are pretty good about meeting their deadlines, so I expect to release versions of Tunnelblick sometime between Tuesday and the end of the week.

cart...@tcd.ie

Mar 29, 2018, 5:01:23 PM
to tunnelblick-discuss
Great that you have included 1.1.0h in the latest beta update :)

Wasn't sure if I should post this here or create a new topic, but as it was directly related to the 1.1.0 branch, I thought I might carry it on here (let me know if you'd rather I create a new topic): unfortunately, having installed the latest beta update, and eagerly updating my settings in the gui so that the connection would use openvpn 2.4.5 with openssl 1.1.0h, when attempting to connect to my openvpn server, which is now compiled with 1.1.0h, the connection fails. Tunnelblick reports that TLS negotiation did not succeed within 60 seconds.

However, what is strange is that I can still use the openssl 1.0.2 branch. When selecting openvpn 2.4.5 with openssl 1.0.2o, the connection succeeds. Looking at the openvpn server log, I can see that, when trying to connect using 1.1.0h on tunnelblick, I was getting the following errors:

TLS error: The server has no TLS ciphersuites in common with the client. Your --tls-cipher setting might be too restrictive.
Thu Mar 29 22:45:53 2018 OpenSSL: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher
Thu Mar 29 22:45:53 2018 TLS_ERROR: BIO read tls_read_plaintext error
Thu Mar 29 22:45:53 TLS Error: TLS object -> incoming plaintext read error
Thu Mar 29 22:45:53 TLS Error: TLS handshake failed

This error seems to be client side, as, like I say, it doesn't occur when using 1.0.2o. I don't have any tls-cipher options in either the server or client config files, so it's certainly a strange one. Any idea what could be causing this?
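The server log quoted above has a recognisable shape: an OpenSSL error record (`error:<code>:<library>:<function>:<reason>`) followed by OpenVPN's own `TLS_ERROR` / `TLS Error:` lines and finally `TLS handshake failed`. The following script is an added example, not code from the thread or from the OpenVPN or Tunnelblick projects; it parses such log text, groups the lines belonging to one failed handshake, and pulls out the OpenSSL code and reason so that "no shared cipher" failures can be counted and triaged separately from other handshake errors. The log lines it runs over are constructed for the example and modelled on the ones posted above.

```python
import re

# Constructed sample of an OpenVPN 2.4 server log (not a real capture), modelled
# on the lines quoted in the thread: one failed handshake, one successful one.
SAMPLE_LOG = """\
Thu Mar 29 22:45:52 2018 203.0.113.10:49152 TLS: Initial packet from [AF_INET]203.0.113.10:49152
Thu Mar 29 22:45:53 2018 TLS error: The server has no TLS ciphersuites in common with the client. Your --tls-cipher setting might be too restrictive.
Thu Mar 29 22:45:53 2018 OpenSSL: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher
Thu Mar 29 22:45:53 2018 TLS_ERROR: BIO read tls_read_plaintext error
Thu Mar 29 22:45:53 2018 TLS Error: TLS object -> incoming plaintext read error
Thu Mar 29 22:45:53 2018 TLS Error: TLS handshake failed
Thu Mar 29 22:46:10 2018 203.0.113.11:51000 TLS: Initial packet from [AF_INET]203.0.113.11:51000
Thu Mar 29 22:46:11 2018 203.0.113.11:51000 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
"""

# Timestamp prefix; the year is optional because some pasted lines lack it.
TS_RE = re.compile(r"^(\w{3} \w{3} +\d{1,2} \d{2}:\d{2}:\d{2}(?: \d{4})?)\s+(.*)$")
# OpenSSL error record: error:<hex code>:<library>:<function>:<reason>
OPENSSL_RE = re.compile(r"OpenSSL: error:([0-9A-Fa-f]+):([^:]+):([^:]+):(.*)$")
PEER_RE = re.compile(r"TLS: Initial packet from \[AF_INET\]([\d.]+:\d+)")


def parse_line(line):
    """Split a log line into (timestamp, message); None if it has no timestamp."""
    m = TS_RE.match(line.rstrip())
    return (m.group(1), m.group(2)) if m else None


def find_handshake_failures(log_text):
    """Return one record per 'TLS handshake failed', carrying the OpenSSL code,
    function and reason and any OpenVPN 'TLS error:' text seen since the
    handshake started (the last 'Initial packet' line)."""
    failures = []
    ctx = {}  # context accumulated for the handshake in progress
    for raw in log_text.splitlines():
        parsed = parse_line(raw)
        if not parsed:
            continue
        ts, msg = parsed
        peer = PEER_RE.search(msg)
        if peer:
            ctx = {"peer": peer.group(1), "started": ts}
            continue
        if msg.startswith("TLS error:"):
            ctx["openvpn_error"] = msg[len("TLS error:"):].strip()
        ssl = OPENSSL_RE.search(msg)
        if ssl:
            ctx["openssl_code"] = ssl.group(1).upper()
            ctx["library"] = ssl.group(2)
            ctx["function"] = ssl.group(3)
            ctx["reason"] = ssl.group(4).strip()
        if "TLS handshake failed" in msg:
            failures.append({"ts": ts, **ctx})
            ctx = {}
    return failures


def count_successes(log_text):
    """Count handshakes that reached a negotiated control channel."""
    return sum(1 for l in log_text.splitlines() if "Control Channel:" in l)


def triage(failure):
    """Map a failure record to a short defender-side hint."""
    if failure.get("reason") == "no shared cipher":
        return ("client and server offered no common ciphersuite: compare "
                "'openvpn --show-tls' on both ends and review --tls-cipher")
    return "handshake failed for another reason: inspect the OpenSSL record"


if __name__ == "__main__":
    for f in find_handshake_failures(SAMPLE_LOG):
        print(f["ts"], f.get("peer"), f.get("openssl_code"), f.get("reason"))
        print("  ->", triage(f))
    print("successful handshakes:", count_successes(SAMPLE_LOG))
```

Running it over the sample prints the single failure with code `1417A0C1`, function `tls_post_process_client_hello` and reason `no shared cipher`, plus one successful handshake. Keying on the OpenSSL reason string rather than on OpenVPN's generic `TLS handshake failed` line is what separates a ciphersuite mismatch from, say, certificate verification failures that end with the same final line.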

Tunnelblick developer

Mar 29, 2018, 5:07:28 PM
to tunnelblick-discuss
This is really an OpenVPN configuration question, but my guess is that the server has only "old" ciphers and OpenSSL 1.1 only has "new" ciphers, so there is no common cipher.

cart...@tcd.ie

Mar 29, 2018, 5:17:40 PM
to tunnelblick-discuss
I'm not so sure. Like I said, the server is also running openvpn 2.4.5 compiled with openssl 1.1.0h, so both server and client are running the same openssl version. Indeed, running the openvpn command with the --show-tls option on the server, and then running it on my mac (by directing the terminal to openvpn binary contained in /Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.4.5-openssl-1.1.0h/), they both show the same set of ciphers.
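The check described in this post, running `openvpn --show-tls` on both ends and comparing the lists, can be made mechanical. The script below is an added example (not code from the thread or from OpenVPN/Tunnelblick): it parses two captured `--show-tls` outputs, reports the suites in common in the client's preference order, and lists what each side offers that the other does not. The two outputs are constructed for the example and shortened; on a real system you would redirect the output of the two binaries to files and read those instead of the inline strings.

```python
# Constructed, shortened samples modelled on the text layout of
# `openvpn --show-tls` in OpenVPN 2.4 (not real captures).
SERVER_SHOW_TLS = """\
Available TLS Ciphers, listed in order of preference:

TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384
TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384
TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256
TLS-DHE-RSA-WITH-AES-256-GCM-SHA384

Be aware that that whether a cipher suite in this list can actually work
depends on the specific setup of both peers.
"""

CLIENT_SHOW_TLS = """\
Available TLS Ciphers, listed in order of preference:

TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256
TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384
TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384
TLS-DHE-RSA-WITH-AES-128-GCM-SHA256
"""


def parse_show_tls(text):
    """Return the ciphersuite names from --show-tls output, in listed order.
    Only lines that look like suite names (TLS-...) are kept; the header and
    the trailing advisory paragraph are ignored."""
    suites = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("TLS-") and line not in suites:
            suites.append(line)
    return suites


def compare_ciphersuites(client_text, server_text):
    """Intersect the two offers. 'common' keeps the client's preference order,
    which is the order the client sends them in its ClientHello."""
    client = parse_show_tls(client_text)
    server = parse_show_tls(server_text)
    server_set = set(server)
    client_set = set(client)
    return {
        "common": [s for s in client if s in server_set],
        "client_only": [s for s in client if s not in server_set],
        "server_only": [s for s in server if s not in client_set],
    }


def explain(result):
    """Interpret the comparison from the point of view of the log above."""
    if not result["common"]:
        return "no suite in common: a 'no shared cipher' failure is expected"
    return ("%d suite(s) in common, so the lists alone do not explain a "
            "'no shared cipher' failure; check --tls-cipher on both sides and "
            "whether the server certificate's key type (RSA vs ECDSA) matches "
            "the suites offered" % len(result["common"]))


if __name__ == "__main__":
    r = compare_ciphersuites(CLIENT_SHOW_TLS, SERVER_SHOW_TLS)
    for key in ("common", "client_only", "server_only"):
        print(key + ":")
        for s in r[key]:
            print("  " + s)
    print(explain(r))
```

The point of the preference-order intersection is that a non-empty list proves only that a suite name appears on both sides. A suite such as `TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384` is usable only when the server presents an ECDSA certificate, and `--tls-cipher` on either end can restrict the offered set further, so identical `--show-tls` output (as reported in this post) does not by itself rule out a handshake failure.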

Tunnelblick developer

Mar 30, 2018, 1:46:08 PM
to tunnelblick-discuss
Still, you probably need to get help on this from the OpenVPN folks.

The Tunnelblick build of OpenSSL uses the following config arguments: "no-shared zlib no-zlib-dynamic no-asm no-krb5". It doesn't (for example) forcibly enable old ciphers that are considered to be security risks.

It is possible that there is something wrong with the way that Tunnelblick builds OpenSSL 1.1, but that seems unlikely since "it works for me" and there have been no other complaints. (Or maybe it's just too soon to see complaints: there are fewer than 10,000 downloads of the beta version so far.)

jimbob

Mar 30, 2018, 7:42:43 PM
to tunnelblick-discuss
I’ve reported it in the openvpn forums. Will wait and see what comes of it and report back here :)

Tunnelblick developer

Mar 30, 2018, 7:45:30 PM
to tunnelblick-discuss
That would be great and might help someone else with the same or a similar problem. (Or maybe it will point me to a problem with Tunnelblick.)

jimbob

Apr 1, 2018, 3:22:32 AM
to tunnelbli...@googlegroups.com
Seems like this is a known issue with openvpn 2.4.5 when using ecc and openssl 1.1.0 branch: https://community.openvpn.net/openvpn/ticket/1048