False MITM warning using ECDSA

TRJM
OpenVpn Newbie
Posts: 3
Joined: Mon Aug 13, 2018 12:16 pm

False MITM warning using ECDSA

Post by TRJM » Fri Sep 07, 2018 11:58 am

So I've set up an OpenVPN configuration to use TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256 as TLS cipher, however whenever my client connects to the server (with the exact same TLS cipher) I get the following warning: "WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info."
At the link provided, the following solution is presented: "Sign server certificates with one CA and client certificates with a different CA. The client configuration ca directive should reference the server-signing CA file, while the server configuration ca directive should reference the client-signing CA file." This was already what I did in the first place, so I'm wondering whether the warning is bugged or what is going on?

TinCanTech
OpenVPN Protagonist
Posts: 5086
Joined: Fri Jun 03, 2016 1:17 pm

Re: False MITM warning using ECDSA

Post by TinCanTech » Fri Sep 07, 2018 2:55 pm

You still need the extended key usage to fix the warning.

TRJM
OpenVpn Newbie
Posts: 3
Joined: Mon Aug 13, 2018 12:16 pm

Re: False MITM warning using ECDSA

Post by TRJM » Tue Sep 11, 2018 6:35 am

So just to confirm, the warning is coming up because I'm not using the extended key usage. Assuming I did the solution I mentioned above correctly, my setup is secure from MITM attacks?
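
The check discussed in this thread, as an added example that is not part of any post and is not OpenVPN's own code: it scans a client config for directives that enable server certificate verification, which a dedicated server-signing `ca` alone does not. The directive list is an assumption about what OpenVPN 2.4 counts as a verification method, and the sample configs, file names and hostname are constructed.

```python
import shlex

# Constructed client configs (not from the thread). The first relies only on
# a dedicated server-signing CA; the second adds an extended key usage check.
CONFIG_CA_ONLY = """\
client
remote vpn.example.com 1194
ca server-ca.crt   # CA that signs server certificates only
cert client.crt
key client.key
tls-cipher TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256
"""
CONFIG_WITH_EKU = CONFIG_CA_ONLY + "remote-cert-tls server\n"

# Assumption: directives treated as a server certificate verification method.
VERIFY_DIRECTIVES = ("remote-cert-eku", "verify-x509-name", "tls-verify")


def parse_directives(text):
    """Map directive name -> list of argument lists, skipping comments and inline <blocks>."""
    found, in_block = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if in_block:
            if line == "</%s>" % in_block:
                in_block = None
            continue
        if line.startswith("<") and line.endswith(">"):
            in_block = line[1:-1]
            continue
        if not line or line[0] in "#;":
            continue
        tokens = shlex.split(line, comments=True)
        if tokens:
            found.setdefault(tokens[0].lstrip("-"), []).append(tokens[1:])
    return found


def server_verification_methods(text):
    """Return the directives in a client config that restrict which certificate may act as server."""
    directives = parse_directives(text)
    methods = [name for name in VERIFY_DIRECTIVES if name in directives]
    # remote-cert-tls and ns-cert-type only count when they ask for a *server* certificate.
    for name in ("remote-cert-tls", "ns-cert-type"):
        if any(args[:1] == ["server"] for args in directives.get(name, [])):
            methods.append(name + " server")
    return methods


if __name__ == "__main__":
    for label, cfg in (("CA only", CONFIG_CA_ONLY), ("with EKU check", CONFIG_WITH_EKU)):
        print(label, "->", server_verification_methods(cfg) or "no verification method: warning expected")
```

`remote-cert-tls server` only succeeds if the server certificate was issued with the TLS Web Server Authentication extended key usage, so the certificate and the client config have to be changed together.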
