I’ve recently upgraded to Fedora 36 Silverblue. My first attempt to connect to my VPN failed with the following error:
Apr 04 20:34:31 fedora NetworkManager[817]: <info> [1649097271.6290] vpn[0x563061ce84d0,5baae628-e0ff-410e-b94a-3be4a07a73d1,"Work"]: starting openvpn
Apr 04 20:34:31 fedora NetworkManager[817]: <info> [1649097271.6294] audit: op="connection-activate" uuid="5baae628-e0ff-410e-b94a-3be4a07a73d1" name="Work" pid=1718 uid=1000 result="success"
Apr 04 20:34:31 fedora nm-openvpn[3371]: Cipher negotiation is disabled since neither P2MP client nor server mode is enabled
Apr 04 20:34:31 fedora nm-openvpn[3371]: OpenVPN 2.5.6 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Mar 16 2022
Apr 04 20:34:31 fedora nm-openvpn[3371]: library versions: OpenSSL 3.0.2 15 Mar 2022, LZO 2.10
Apr 04 20:34:31 fedora nm-openvpn[3371]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Apr 04 20:34:31 fedora nm-openvpn[3371]: WARNING: INSECURE cipher (BF-CBC) with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC). Support for these insecure ciphers will be removed in OpenVPN 2.7.
Apr 04 20:34:31 fedora nm-openvpn[3371]: OpenSSL: error:0308010C:digital envelope routines::unsupported
Apr 04 20:34:31 fedora nm-openvpn[3371]: EVP cipher init #1
Apr 04 20:34:31 fedora nm-openvpn[3371]: Exiting due to fatal error
Does anybody have a similar openssl error?
IIUC Fedora 36 moved to OpenSSL 3. This might be a possible reason?
Before upgrading to f36, I removed the openssl package I had overlayed. I thought I did it to make a GNOME extension work, but now I suspect I installed it also to make openvpn work. I can’t remember.
I haven’t tried installing it yet, as I expected the openvpn plugin to work out-of-the-box.