If you experience issues after a recent OpenVPN Connect update:
Delete and then re-import your connection profile(s).
Fill in appropriate credentials.

Error parsing certificate : X509 - The date tag or value is invalid
This error message occurs with a faulty certificate. Refer to this detailed forum post for more info.

Certificate verification failed : x509 - certificate verification failed, e.g.
This error message occurs when a certificate can't be verified properly. Certificate verification failure can occur, for example, if you are using an MD5-signed certificate. With an MD5-signed certificate, the security level is so low that the authenticity of the certificate can't by any reasonable means be assured. In other words, it could very well be a fake certificate. The solution is to use a certificate not signed with MD5 but with SHA256 or better. Refer to the MD5 signature algorithm support section for more information.

This error message occurs if you specify auth none and also tls-auth in your client profile. This happens because tls-auth needs an auth digest, but it isn't specified. To resolve the error, remove the tls-auth directive. It's not possible to enable it with auth none enabled.

SSL - Processing of the ServerKeyExchange handshake message failed
This error message likely occurs when using older versions of OpenVPN/OpenSSL on the server-side. Some users have solved this issue by updating their OpenVPN and OpenSSL software on the server-side.

BIO read tls_read_plaintext error: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher
This error message relates to cipher suites. You can usually remedy this by going to the app settings in OpenVPN Connect and checking the box for AES-CBC Cipher Algorithm.

This error message displays when you download a profile from a server, but OpenVPN Connect can't temporarily save the profile to the filesystem before importing it to the iOS VPN settings. A possible reason for this could be lack of available storage space.

Login failed: Profile was not added in system
This error message displays when the profile wasn't successfully imported into iOS VPN Settings. It can occur when the user denies permission for OpenVPN Connect to import a profile.

Refer to general OpenVPN client connectivity error messages and solutions for more error messages.

We recommend not using MD5 as an algorithm for a signing certificate due to its possible insecurity. For example, time-standard home computer equipment takes about eight hours to falsify a certificate signed using MD5 as an algorithm. Using MD5 means it's possible to fake the identity of the server. This opens up the risk of a man-in-the-middle attack. Such an attack leads to the interception of data communication. You should only support the use of MD5 for older equipment. We pushed out a security and functionality upgrade of OpenVPN Connect for Android in November 2017 and discovered that many people's devices still used MD5-signed certificates.
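
A profile check for two of the problems this page describes (an MD5-signed certificate, and auth none combined with tls-auth), as an added example that is not OpenVPN's own code. The function names, the finding strings and the constructed sample profile with its skeletal, cryptographically invalid certificate are assumptions for illustration; the parser reads only the certificate's outer signature algorithm and does not verify anything.

```python
import base64, re

# DER-encoded OID bytes of two well-known certificate signature algorithms.
SIG_OIDS = {bytes.fromhex("2a864886f70d010104"): "md5WithRSAEncryption",
            bytes.fromhex("2a864886f70d01010b"): "sha256WithRSAEncryption"}
PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def _tlv(buf, pos):
    """Read the DER tag/length at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def cert_sig_alg(der):
    """Name of the outer signatureAlgorithm in a DER X.509 certificate."""
    _, start, _ = _tlv(der, 0)              # Certificate ::= SEQUENCE {
    _, _, tbs_end = _tlv(der, start)        #   tbsCertificate (skipped)
    _, alg, _ = _tlv(der, tbs_end)          #   signatureAlgorithm SEQUENCE {
    _, oid_start, oid_end = _tlv(der, alg)  #     algorithm OID
    oid = der[oid_start:oid_end]
    return SIG_OIDS.get(oid, "oid:" + oid.hex())

def lint_profile(text):
    """Return findings for the two profile problems the page describes."""
    findings = []
    for pem in PEM_RE.findall(text):        # b64decode discards the PEM line breaks
        if cert_sig_alg(base64.b64decode(pem)) == "md5WithRSAEncryption":
            findings.append("MD5-signed certificate: reissue with SHA256 or better")
    body = re.sub(r"<([\w-]+)>.*?</\1>", "", text, flags=re.S)   # drop inline blocks
    words = [l.split() for l in body.splitlines() if l.strip() and l.strip()[0] not in "#;"]
    has_tls_auth = "<tls-auth>" in text or any(w[0] == "tls-auth" for w in words)
    if has_tls_auth and any(w[:2] == ["auth", "none"] for w in words):
        findings.append("auth none with tls-auth: remove the tls-auth directive")
    return findings

def _der(tag, body):                        # tiny encoder, used only for the constructed sample
    n = len(body)
    return (bytes([tag, n]) if n < 128 else bytes([tag, 0x81, n])) + body

def sample_profile(oid_hex):
    """Constructed profile holding a skeletal (not cryptographically valid) certificate."""
    cert = _der(0x30, _der(0x30, _der(0x04, bytes(130)))
                + _der(0x30, _der(0x06, bytes.fromhex(oid_hex)) + b"\x05\x00")
                + _der(0x03, b"\x00\xff"))
    pem = base64.encodebytes(cert).decode()
    return ("client\nauth none\ntls-auth ta.key 1\n<ca>\n-----BEGIN CERTIFICATE-----\n"
            + pem + "-----END CERTIFICATE-----\n</ca>\n")

if __name__ == "__main__":
    print(lint_profile(sample_profile("2a864886f70d010104")))
```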