Hello, everyone!
I used SoftEtherVpn on OpenSuse 13.2 and it works fine.
One day i tried to use it on new OpenSuse Leap. SeVpn build process failed with error:
-- Alert: RsaCheck() --
OpenSSL Library Init Failed. (too old?)
Please install the latest version of OpenSSL.
After OpenSuse 42.2 Leap release i repeated this experiment on it.
It failed again with same error:
-- Alert: RsaCheck() --
OpenSSL Library Init Failed. (too old?)
Please install the latest version of OpenSSL.
Openssl versions:
OpenSuse 13.2
openssl-1.0.1k-2.33.1.x86_64
libopenssl1_0_0-1.0.1k-2.33.1.x86_64
libopenssl-devel-1.0.1k-2.39.1.x86_64
OpenSuse 42.2 Leap
libopenssl1_0_0-1.0.2j-4.1.x86_64
openssl-1.0.2j-4.1.x86_64
libopenssl-devel-1.0.2j-4.1.x86_64
libopenssl1_0_0-32bit-1.0.2j-4.1.x86_64
So, after few days researching i found reason: rsa key length error.
File:
src/Mayaqua/Encrypt.c
Function: bool RsaCheck()
variable: UINT bit = 32;
You need to change it to 1024 or higher (i tested with value: 2048 - ok)
It would be great if my topic help anyone.
Openssl 'too old?' issue: Fixed
-
moatazelmasry
- Posts: 336
- Joined: Sat Aug 15, 2015 7:41 pm
Re: Openssl 'too old?' issue: Fixed
Hi,
i haven't had this issue on ubuntu 16.04, but I think this is a very good catch.
You should create a pull request on github and use 2048 as a value. According to the documentation, anything < 1024 is considered insecure.
https://www.netsoup.net/docs/man/RSA_generate_key.3
Or if you want, I can create the pull request
Cheers,
i haven't had this issue on ubuntu 16.04, but I think this is a very good catch.
You should create a pull request on github and use 2048 as a value. According to the documentation, anything < 1024 is considered insecure.
https://www.netsoup.net/docs/man/RSA_generate_key.3
Or if you want, I can create the pull request
Cheers,