OpenVPN client & OpenSSL 3.x workaround on Linux (OpenSUSE Tumbleweed)

FYI: I had a connection issue to our office’s IPFire box (v172) with my OpenVPN client on OpenSUSE Tumbleweed, which installs OpenSSL 3.x by default.

when trying to start with command: sudo openvpn --config MyOpenVPN.ovpn , the OpenVPN error was

OpenSSL: error:11800071:PKCS12 routines::mac verify failure
OpenSSL: error:0308010C:digital envelope routines::unsupported
Decoding PKCS12 failed. Probably wrong password or unsupported/legacy encryption
SIGUSR1[soft,private-key-password-failure] received, process restarting

It worked with this workaround by adding / uncommenting the following lines in /etc/ssl/openssl.conf on my Linux machine:

openssl_conf = openssl_init

providers = provider_sect

default = default_sect
legacy = legacy_sect

activate = 1

activate = 1

You can check with this command-line if it works:
sudo openssl pkcs12 -in MyOpenVPN.p12

See also:

hope this helps

1 Like