[solved] Open VPN connect 3.4.2 for macOS needed, Version 3.4.3 trouble

[newuser1234]

Where can I get Open VPN connect version 3.4.2 ? It seems to be the only version, that we can use to connect to our VPN on macOS Ventura 13.6.3 and the latest version of macOS Sonoma.

With OpenVPN Connect 3.4.3.475 we get the following error:

Code: Select all

[Jan 17, 2024, 09:55:54] Transport Error: OpenSSLContext::SSL::read_cleartext: BIO_read failed, cap=2640 status=-1: error:0A000086:SSL routines::certificate verify failed
⏎[Jan 17, 2024, 09:55:54] EVENT: DISCONNECTED ⏎
[Jan 17, 2024, 09:55:54] EVENT: CERT_VERIFY_FAIL OpenSSLContext::SSL::read_cleartext: BIO_read failed, cap=2640 status=-1: error:0A000086:SSL routines::certificate verify failed⏎[Jan 17, 2024, 09:55:57] Raw stats on disconnect:
 BYTES_IN : 2948
 BYTES_OUT : 349
 PACKETS_IN : 4
 PACKETS_OUT : 3
 SSL_ERROR : 1
 CERT_VERIFY_FAIL : 1

[newuser1234]

With OpenVPN connect 3.4.2 I get the following warning, although the connection is working.

"WARN TLS: received certificate signed with SHA1. Please inform your admin to upgrade to a stronger algorithm. Support for SHA1 signatures will be dropped in the future"

Code: Select all

⏎[Jan 17, 2024, 14:49:02] Connecting to [domain.xyz]:446 (37.24.213.50) via TCPv4
⏎[Jan 17, 2024, 14:49:02] EVENT: CONNECTING ⏎[Jan 17, 2024, 14:49:02] Tunnel Options:V4,dev-type tun,link-mtu 1604,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,cipher AES-256-CBC,auth SHA512,keysize 256,key-method 2,tls-client
⏎[Jan 17, 2024, 14:49:02] Creds: Username/Password
⏎[Jan 17, 2024, 14:49:02] Peer Info:
IV_VER=3.6.7
IV_PLAT=mac
IV_NCP=2
IV_TCPNL=1
IV_PROTO=30
IV_CIPHERS=AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:AES-256-CBC
IV_LZO_STUB=1
IV_COMP_STUB=1
IV_COMP_STUBv2=1
IV_IPv6=0
IV_GUI_VER=OCmacOS_3.4.2-4547
IV_SSO=webauth,openurl,crtext

⏎[Jan 17, 2024, 14:49:04] SSL Handshake: peer certificate: CN=domain.xyz, 1024 bit RSA, cipher: DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(256) Mac=AEAD

⏎[Jan 17, 2024, 14:49:04] Session is ACTIVE
⏎[Jan 17, 2024, 14:49:04] EVENT: WARN TLS: received certificate signed with SHA1. Please inform your admin to upgrade to a stronger algorithm. Support for SHA1 signatures will be dropped in the future⏎[Jan 17, 2024, 14:49:04] EVENT: GET_CONFIG ⏎[Jan 17, 2024, 14:49:04] Sending PUSH_REQUEST to server...
⏎[Jan 17, 2024, 14:49:05] Sending PUSH_REQUEST to server...
⏎[Jan 17, 2024, 14:49:07] Sending PUSH_REQUEST to server...
⏎[Jan 17, 2024, 14:49:07] OPTIONS:

We also tried OpenVPN Connect v2.7.1, this version also failed to connect.

Has OpenVPN Connect >= 3.4.3 removed the support for SHA1 signatures? I can not see anything mentioned in the below changelog.

https://openvpn.net/vpn-server-resource ... hange-log/

I must admit, I do not want to change anything regarding the server certificate, if I do not need to. At this time only one user can not use the VPN. It would be a catastrophe, if no user could use the VPN....

[newuser1234]

If anyone is also in need for version 3.4.2 I found it here https://swupdate.openvpn.net/downloads/ ... signed.dmg

Credits go to viewtopic.php?p=112072&hilit=sonoma#p112083