Cipher error when connecting and SSL_CTX_use_certificate_failed error

Hi all,

We receive a ‘connection failed’ error which we believe is related to ciphers, but we’ve checked this on the VyOS server, and they’re at aes-256. When we set the client to aes-256 we receive a ‘SSL_CTX_use_certificate_failed’ error (error:0A00018F:SSL routines::ee key too small), but if we set the security level to ‘Insecure’ it works fine.

Any help would be greatly appreciated.
Kind Regards
Z
VyOS cipher error1
VyOS ssl_ctx error2

Hi,

If you would really like some help, it’s important to provide context. What are you trying to configure? What gives the error? What does your config look like? Etc…etc…

Regards,

Sander

2 Likes

Hi Sander,

Sorry, of course more detail is required:

The error is from users trying to connect to a VPN appliance, VyOS ver 1.3.0. I believe that particular error is from their PC running openvpn (I’m waiting for the version). They also use phones to connect; I’m waiting on them testing.

The server is set to use aes-256, so I’ve asked them to set their client/s to the same. Their current settings are:

proto udp
remote ******
nobind
verb 3
cipher BF-CBC
data-ciphers BF-CBC
data-ciphers-fallback BF-CBC
tls-cipher "DEFAULT:@SECLEVEL=0"
tls-version-min 1.0

Finally, my screenshots (Screenshot #1) show the errors they are receiving when they connect with the settings above; they can choose to ignore and still connect. Screenshot #2 is the error they’re receiving after I asked them to change their openvpn clients/profile to use ‘cipher-aes-256’.

Please try with the latest stable or rolling release and if you still see the issue, please share the configuration from the server side and the logs:

$ show version
$ show configuration commands | strip-private
$ show log openvpn (capture from the timeframe when the error was received)
$ Share the version of openvpn client used on the PC

1 Like
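
Added example (not posted by anyone in this thread): a Python audit of an OpenVPN client profile that flags the legacy settings quoted above and maps an RSA key size to the highest OpenSSL security level that accepts it, which is the check behind "ee key too small". The function names, the weak-cipher list and the 1024-bit key size are assumptions for illustration; the thread does not state the real certificate key size.

```python
import re

# Minimum RSA modulus size per OpenSSL security level, as documented in
# SSL_CTX_set_security_level(3). Level 0 performs no key-size check.
RSA_MIN_BITS = {0: 0, 1: 1024, 2: 2048, 3: 3072, 4: 7680, 5: 15360}
# Data-channel ciphers with a 64-bit block size (assumed list, not exhaustive).
WEAK_CIPHERS = {"BF-CBC", "DES-CBC", "DES-EDE3-CBC", "CAST5-CBC"}

# Constructed sample: the client directives quoted in the thread.
SAMPLE_PROFILE = """\
proto udp
nobind
verb 3
cipher BF-CBC
data-ciphers BF-CBC
data-ciphers-fallback BF-CBC
tls-cipher "DEFAULT:@SECLEVEL=0"
tls-version-min 1.0
"""

def highest_level_for_rsa(bits):
    """Highest security level that still accepts an RSA key of this size."""
    return max(lvl for lvl, need in RSA_MIN_BITS.items() if bits >= need)

def audit_profile(text):
    """Return (directive, problem) pairs for weak settings in a client profile."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":  # skip blanks and comment lines
            continue
        name, value = (line.split(None, 1) + [""])[:2]
        value = value.strip().strip('"')
        if name in ("cipher", "data-ciphers", "data-ciphers-fallback"):
            weak = [c for c in value.split(":") if c.upper() in WEAK_CIPHERS]
            if weak:
                findings.append((name, "64-bit block cipher: " + ",".join(weak)))
        elif name == "tls-cipher":
            level = re.search(r"@SECLEVEL=(\d)", value)
            if level and int(level.group(1)) == 0:
                findings.append((name, "SECLEVEL=0 turns off key-size checks"))
        elif name == "tls-version-min" and value:
            if tuple(int(p) for p in value.split()[0].split(".")) < (1, 2):
                findings.append((name, "permits TLS versions below 1.2"))
    return findings

if __name__ == "__main__":
    for name, problem in audit_profile(SAMPLE_PROFILE):
        print(f"{name}: {problem}")
    # Constructed key size; the thread does not state the certificate's real one.
    print("RSA-1024 is accepted up to level", highest_level_for_rsa(1024))
```

A certificate whose key falls below the minimum for the client's active security level is rejected when it is loaded, so reissuing the client and server certificates with a larger key is the fix that lets the security level stay above 0.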