Problem connecting to VPN since last 1.5.7 update
Hi,
Since I upgraded this morning to the new version 1.5.7, I can't connect anymore to my VPN. It was working fine before I upgraded it.
Each time I try to connect I get this in the logs:
juin 18 12:54:23: TLS_ERROR: BIO read tls_read_plaintext error: error:14082174:SSL routines:ssl3_check_cert_and_algorithm:dh key too small
juin 18 12:54:23: TLS Error: TLS object -> incoming plaintext read error
juin 18 12:54:23: TLS Error: TLS handshake failed
juin 18 12:54:23: SIGUSR1[soft,tls-error] received, process restarting
juin 18 12:54:23: State changed to Connecting
I'm using the VPN server in my RT-AC66U router. Like I said, everything was fine before the update.
How can I fix this, or how can I revert my Viscosity client to the previous version?
It seems that this new version 1.5.7 patches a vulnerability (logjam) and since the update, I can't connect to my VPN anymore.
The OpenVPN server is served from my Asus RT-AC66U router. Probably in the near future, Asus will update the firmware to fix it, so we can use larger keys.
But until they do, I need to be able to connect to it, and the only way to do so is to revert to the 1.5.6 version.
I don't see on your site where I could get it back.
Is there a way to get back that version? Because there will be a lot of unhappy clients using VPN servers on Asus routers who will get into the same situation, not being able to connect anymore.
Hi Slizz,
OpenSSL includes a number of important security updates, including blocking very, very weak Diffie-Hellman (DH) key lengths (less than 768 bits). Weak keys are susceptible to a man-in-the-middle attack known as Logjam, which could result in an attacker decrypting your VPN connection:
https://weakdh.org
OpenSSL will be raising the minimum requirements even further to 1024 bits in the next update, however at least 2048 bits is recommended for a secure connection.
It appears your connection attempt is being blocked as your OpenVPN server’s DH key length is less than 768 bits:
> Jun 18 20:49:24: TLS_ERROR: BIO read tls_read_plaintext error: error:14082174:SSL routines:ssl3_check_cert_and_algorithm:dh key too small
I’d strongly recommend regenerating the DH parameters file and certificate/key on your OpenVPN server.
Regards,
Eric
Eric Thorpe
Viscosity Developer
Web: http://www.sparklabs.com
Support: http://www.sparklabs.com/support
Twitter: http://twitter.com/sparklabs