So I've set up an OpenVPN configuration to use TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256 as the TLS cipher; however, whenever my client connects to the server (with the exact same TLS cipher) I get the following warning: "WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info."
At the link provided, the following solution is presented: "Sign server certificates with one CA and client certificates with a different CA. The client configuration ca directive should reference the server-signing CA file, while the server configuration ca directive should reference the client-signing CA file." This was already what I did in the first place, so I'm wondering whether the warning is bugged or what is going on?
False MITM warning using ECDSA
Re: False MITM warning using ECDSA
You still need the extended key usage to fix the warning.
Re: False MITM warning using ECDSA
So just to confirm, the warning is coming up because I'm not using the extended key usage. Assuming I did the solution I mentioned above correctly, my setup is secure from MITM attacks?
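
Added example, not part of the thread and not OpenVPN project code: a small Python check that reads a client config and reports which server-certificate verification directives it enables, since the separate-CA method discussed above adds no directive that the client can see. The directive set treated as silencing the warning is an assumption of this example, and the sample configs (host name, file names) are constructed.

```python
import shlex

# Directives that make an OpenVPN client check the server certificate. Treating
# exactly this set as what silences the warning is an assumption of this example.
ANY_ARGS = {"remote-cert-eku", "verify-x509-name", "tls-verify"}
NEEDS_SERVER = {"remote-cert-tls", "ns-cert-type"}  # only the "server" form counts

def server_verification(config_text):
    """Return the sorted server-verification directives found in a client config."""
    found = set()
    inline_tag = None
    for raw in config_text.splitlines():
        line = raw.strip()
        if inline_tag:  # inside an inline <ca>...</ca> style block: skip PEM data
            if line == "</" + inline_tag + ">":
                inline_tag = None
            continue
        if line.startswith("<") and line.endswith(">") and not line.startswith("</"):
            inline_tag = line[1:-1]
            continue
        if not line or line[0] in "#;":  # whole-line comments
            continue
        try:
            tokens = shlex.split(line, comments=True)  # also drops trailing "# ..."
        except ValueError:  # unbalanced quotes: not a line this check can judge
            continue
        if not tokens:
            continue
        name, args = tokens[0].lstrip("-"), tokens[1:]
        if name in ANY_ARGS and args:
            found.add(name)
        elif name in NEEDS_SERVER and args[:1] == ["server"]:
            found.add(name + " server")
    return sorted(found)

# Constructed sample configs: host name and file names are placeholders.
SEPARATE_CA_ONLY = """\
client
remote vpn.example.net 1194
ca server-ca.crt   # CA that signs only server certificates
cert client.crt
key client.key
tls-cipher TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256
"""
WITH_EKU_CHECK = SEPARATE_CA_ONLY + "remote-cert-tls server\n"

if __name__ == "__main__":
    for label, cfg in (("separate CA only", SEPARATE_CA_ONLY), ("with EKU check", WITH_EKU_CHECK)):
        print(label, "->", server_verification(cfg) or "no verification directive (warning expected)")
```

`remote-cert-tls server` only succeeds if the server certificate was issued with the TLS server-authentication extended key usage, so the certificate and the client config have to change together.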