Cryptographic warning - still reappears

I have upgraded to latest - IPFire 2.25 (i586) - Core Update 155

  • after Cryptographic error: The Diffie-Hellman parameter needs to be in minimum 2048 bit!

I have recreated root/host/DH/TLS-Auth-key - but still the Cryptographic warning appears I should upgrade to latest version - that is already done.

Should I care about that warning ? Or how to remove it if it is irrelevant ?

Thank You.

Hi,
causing the logjam attack → https://community.openvpn.net/openvpn/wiki/Logjam , this check has been added whereby this message appears if the dh-parameter is under 2048 bit → git.ipfire.org Git - ipfire-2.x.git/blob - html/cgi-bin/ovpnmain.cgi . IPFire should create an 2048 bit dh-parameter by default if you´ve created a new PKI. You can check the parameter length via WUI or with an

openssl dhparam -text -in /var/ipfire/ovpn/ca/dh1024.pem

If it is under 2048 bit you can create a new one via IPFire → wiki.ipfire.org - Generate Server certificates and keys which may take very long or you can create it on a faster machine with OpenSSL with an

openssl dhparam -out dhparam.pem 2048

and upload it via OpenVPN WUI.

Best,

Erik

Hi Erik.

Thanks for (known) answer, but even if I have 2048 lengths ok,

obrázok

still the warning appears…


Cryptographic warning

Your host certificate is not RFC3280 compliant.


also should I care about this warning anymore ?

or how to vanish it ? I don’t want to generate something again - I have already about 30 OVPN RoadWarriors recreated… :expressionless:

This message should then disappear by reloading the page.