Menu
▾
▴
Re: [Openvpn-users] Compatibility from openvpn 2.4 to 2.7
|
From: Simon M. <sim...@in...> - 2025-10-16 11:56:20
|
Hi Gert, > Hi, > > On Thu, Oct 16, 2025 at 11:53:51AM +0200, Simon Matter via Openvpn-users > wrote: >> I'm trying to upgrade an old openvpn 2.4 based vpn to 2.7. >> The old systems do have openssl 1.x while the new systems on AlmaLinux >> 10 >> will have openssl 3.2.2. > > OpenSSL 3.x is much strikter regarding "outdated crypto", so certficates > based on MD5 or SHA1 hash are refused by default. > > Try adding "tls-cert-profile legacy" or "tls-cert-profile insecure" to > your config and see if that makes it work (this enables SHA1 and MD5 > support). > > The error message you see is not the "typical" one, normally it says > something like "MD too weak" in this case. But it might still help. > I've tried both options but unfortunately they don't make a difference. Is there anything else I can try? Simon |
