OpenVPN 1.2.5 (iOS): ECDHE-ECDSA support

Official client software for OpenVPN Access Server and OpenVPN Cloud.
markhorrocks
OpenVpn Newbie
Posts: 9
Joined: Tue Jul 18, 2017 9:03 pm

OpenVPN 1.2.5 (iOS): ECDHE-ECDSA support

Post by markhorrocks » Tue Jan 09, 2018 2:40 pm

I updated to 1.2.5 today and expected support for OpenVPN 2.4, but I'm still getting:

Tue Jan 9 06:05:51 2018 122.23.165.166:53302 TLS error: The server has no TLS ciphersuites in common with the client. Your --tls-cipher setting might be too restrictive.
Tue Jan 9 06:05:51 2018 122.23.165.166:53302 OpenSSL: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher
Tue Jan 9 06:05:51 2018 122.23.165.166:53302 TLS_ERROR: BIO read tls_read_plaintext error
Tue Jan 9 06:05:51 2018 122.23.165.166:53302 TLS Error: TLS object -> incoming plaintext read error
Tue Jan 9 06:05:51 2018 122.23.165.166:53302 TLS Error: TLS handshake failed
Tue Jan 9 06:05:51 2018 122.23.165.166:53302 SIGUSR1[soft,tls-error] received, client-instance restarting

From the FAQ:
I cannot connect to the server (client times out), and the server log file shows "TLS_ERROR: BIO read tls_read_plaintext error: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher".
This is usually remedied by going to the OpenVPN section of the iOS Settings app and selecting "Force AES-CBC ciphersuites".
Setting for AES-CBC did not work.

Can anybody advise which tls cipher will work for me?

Here's my server config which works on OS X Tunnelblick.

dev tun 

proto udp

port 1194 

user ovpn
group ovpn

ca ca.crt 
cert server.crt 
key server.key 

server 10.3.255.0 255.255.255.0 
 
ifconfig-pool-persist ipp.txt 

ncp-disable
cipher AES-256-GCM

auth SHA512

tls-version-min 1.2

tls-cipher TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384

dh none

ecdh-curve secp521r1

keepalive 10 120
 
persist-key 
persist-tun 

tls-server

tls-crypt /etc/openvpn/server/tls-auth.key

Here is my client config:

client
proto udp
dev tun
persist-key
persist-tun

remote vpn.mydomain.com 1194
resolv-retry infinite
nobind
explicit-exit-notify 1

remote-cert-tls server
auth SHA512
cipher AES-256-GCM
tls-version-min 1.2
tls-client
ping 15
ping-restart 120
keys redacted

ordex
OpenVPN Inc.
Posts: 444
Joined: Wed Dec 28, 2016 2:32 am
Location: IRC #openvpn-devel @ libera.chat

Re: OpenVPN 1.2.5 (iOS): ECDHE-ECDSA support

Post by ordex » Tue Jan 09, 2018 3:47 pm

markhorrocks wrote:
Tue Jan 09, 2018 2:40 pm

tls-cipher TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384
*-ECDSA-* is not yet supported by OpenVPN Connect. ECDHE is ok, but ECDSA must be substituted with RSA.
An alternative is to remove this statement and let client and server negotiate the best cipher suite.

markhorrocks
OpenVpn Newbie
Posts: 9
Joined: Tue Jul 18, 2017 9:03 pm

Re: OpenVPN 1.2.5 (iOS): ECDHE-ECDSA support

Post by markhorrocks » Tue Jan 09, 2018 4:32 pm

I did comment out that line but still got the same error. I have verified that the line is indeed commented out on the server.

tls-version-min 1.2
# tls-cipher TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384

GainfulShrimp
OpenVpn Newbie
Posts: 12
Joined: Tue May 12, 2015 10:00 am

Re: OpenVPN 1.2.5 (iOS): ECDHE-ECDSA support

Post by GainfulShrimp » Sat Jan 13, 2018 7:32 pm

I'm having exactly this issue. It seems that 1.2.5 doesn't work with ECDHE-RSA. :(

Server log shows:

82.132.227.120:34080 TLS: Initial packet from [AF_INET]82.132.227.120:34080, sid=be63b871 ce68bc21
82.132.227.120:34080 TLS error: The server has no TLS ciphersuites in common with the client. Your --tls-cipher setting might be too restrictive.
82.132.227.120:34080 OpenSSL: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher
82.132.227.120:34080 TLS_ERROR: BIO read tls_read_plaintext error
82.132.227.120:34080 TLS Error: TLS object -> incoming plaintext read error
82.132.227.120:34080 TLS Error: TLS handshake failed
82.132.227.120:34080 SIGUSR1[soft,tls-error] received, client-instance restarting

I'm not specifying a tls-cipher option either (leaving it to be negotiated).

server config:

dev tun
proto udp
port 1194
sndbuf 393216
rcvbuf 393216
push "sndbuf 393216"
push "rcvbuf 393216"
ca /etc/openvpn/eckeys/ca.crt
cert /etc/openvpn/eckeys/server-ec.crt
key /etc/openvpn/eckeys/server-ec.key
dh none
server 10.188.0.0 255.255.255.0
ifconfig 10.188.0.1 10.188.0.2
push "route 10.188.0.1 255.255.255.255"
push "route 10.188.0.0 255.255.255.0"
push "route 192.168.2.0 255.255.255.0"
push "dhcp-option DNS 192.168.2.1"
push "redirect-gateway def1"
client-to-client
keepalive 10 60
tls-crypt /etc/openvpn/eckeys/tc.key
cipher AES-128-GCM
ncp-ciphers AES-128-GCM
tls-version-min 1.2
user nobody
group nogroup
persist-key
persist-tun
reneg-sec 0
mute-replay-warnings
status /var/log/openvpn-status.log 20
log /var/log/openvpn.log
verb 3


client config:

client
dev tun
proto udp
remote myserverdomain 1194
nobind
persist-key
persist-tun
reneg-sec 0
mute-replay-warnings
remote-cert-tls server
cipher AES-128-GCM
tls-version-min 1.2
verb 3
mute 20
<ca>
-----BEGIN CERTIFICATE-----
blah blah
-----END CERTIFICATE-----
</ca>
<tls-crypt>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
blah blah
-----END OpenVPN Static key V1-----
</tls-crypt>

ordex
OpenVPN Inc.
Posts: 444
Joined: Wed Dec 28, 2016 2:32 am
Location: IRC #openvpn-devel @ libera.chat

Re: OpenVPN 1.2.5 (iOS): ECDHE-ECDSA support

Post by ordex » Sun Jan 14, 2018 2:09 am

GainfulShrimp wrote:
Sat Jan 13, 2018 7:32 pm
I'm having exactly this issue. It seems that 1.2.5 doesn't work with ECDHE-RSA. :(

Server log shows:

82.132.227.120:34080 TLS: Initial packet from [AF_INET]82.132.227.120:34080, sid=be63b871 ce68bc21
82.132.227.120:34080 TLS error: The server has no TLS ciphersuites in common with the client. Your --tls-cipher setting might be too restrictive.
82.132.227.120:34080 OpenSSL: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher
82.132.227.120:34080 TLS_ERROR: BIO read tls_read_plaintext error
82.132.227.120:34080 TLS Error: TLS object -> incoming plaintext read error
82.132.227.120:34080 TLS Error: TLS handshake failed
82.132.227.120:34080 SIGUSR1[soft,tls-error] received, client-instance restarting

I'm not specifying a tls-cipher option either (leaving it to be negotiated).
Are your certs ECC or RSA?

GainfulShrimp
OpenVpn Newbie
Posts: 12
Joined: Tue May 12, 2015 10:00 am

Re: OpenVPN 1.2.5 (iOS): ECDHE-ECDSA support

Post by GainfulShrimp » Mon Jan 15, 2018 1:40 pm

ordex wrote:
Sun Jan 14, 2018 2:09 am
Are your certs ECC or RSA?
Thanks @ordex, I think you've nailed the problem... I was getting confused between ECC for key exchange (e.g. ECDHE) and ECC for signatures (e.g. ECDSA).

For version 1.2.5 of OpenVPN Connect (iOS), we can only use ECC for key exchange but not ECC keys/signatures.

Thus, trying to use ECC signatures/keys will fail for version 1.2.5, irrespective of whether the key exchange is ECC...
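ordex's question ("Are your certs ECC or RSA?") can be settled from the server certificate itself, since the key type in its SubjectPublicKeyInfo decides whether the server can ever offer an *-ECDSA-* suite to this client. The check below is added here and is not code from the thread or from OpenVPN: it walks the DER structure down to the SubjectPublicKeyInfo algorithm OID; RSA_OID, EC_OID and the two SAMPLE_*_DER skeletons are constructed values for the demonstration, not real certificates.

```python
import base64

# OIDs in SubjectPublicKeyInfo that identify the certificate's key type.
RSA_OID = "1.2.840.113549.1.1.1"   # rsaEncryption
EC_OID = "1.2.840.10045.2.1"       # id-ecPublicKey (ECDSA signatures)

def read_tlv(buf, pos):
    """Decode one DER tag-length-value at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                              # long-form length
        nbytes = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + nbytes], "big"), pos + nbytes
    return tag, buf[pos:pos + length], pos + length

def children(seq):
    """Split a constructed DER value into its (tag, value) elements."""
    out, pos = [], 0
    while pos < len(seq):
        tag, val, pos = read_tlv(seq, pos)
        out.append((tag, val))
    return out

def decode_oid(raw):
    """Turn OID contents (base-128 subidentifiers) into dotted form."""
    parts, acc = [str(raw[0] // 40), str(raw[0] % 40)], 0
    for b in raw[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            parts.append(str(acc))
            acc = 0
    return ".".join(parts)

def cert_key_type(cert):
    """Return 'RSA', 'EC' or the raw OID; cert is PEM text or DER bytes."""
    if isinstance(cert, str):
        cert = cert.encode()
    if cert.startswith(b"-----"):                  # PEM: drop armor lines, base64-decode
        body = b"".join(l for l in cert.splitlines() if not l.lstrip().startswith(b"-----"))
        cert = base64.b64decode(body)
    _, outer, _ = read_tlv(cert, 0)                # Certificate ::= SEQUENCE
    fields = children(children(outer)[0][1])       # tbsCertificate fields
    if fields[0][0] == 0xA0:                       # optional explicit [0] version
        fields = fields[1:]
    # serial, signature, issuer, validity, subject, subjectPublicKeyInfo
    alg = children(fields[5][1])[0][1]             # AlgorithmIdentifier
    oid = decode_oid(children(alg)[0][1])
    return {RSA_OID: "RSA", EC_OID: "EC"}.get(oid, oid)

# Constructed skeleton certificates (empty names, dummy signature) that carry
# only the fields the walk above touches; not real, verifiable certificates.
SAMPLE_EC_DER = bytes.fromhex("3028 3021 a003020102 020101 3000 3000 3000 3000 "
                              "300f 3009 06072a8648ce3d0201 03020000 3000 030100")
SAMPLE_RSA_DER = bytes.fromhex("302c 3025 a003020102 020101 3000 3000 3000 3000 "
                               "3013 300d 06092a864886f70d010101 0500 03020000 3000 030100")
```

On a real file, `cert_key_type(open("server.crt", "rb").read())` gives the answer; `openssl x509 -in server.crt -noout -text | grep "Public Key Algorithm"` reports the same field. An "EC" result on the server certificate means the iOS 1.2.5 client can never find a shared suite, whatever tls-cipher says.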

rcy1122
OpenVpn Newbie
Posts: 8
Joined: Tue Jan 16, 2018 2:37 am

Re: OpenVPN 1.2.5 (iOS): ECDHE-ECDSA support

Post by rcy1122 » Tue Jan 16, 2018 3:33 am

ordex wrote:
Tue Jan 09, 2018 3:47 pm
markhorrocks wrote:
Tue Jan 09, 2018 2:40 pm

tls-cipher TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384
*-ECDSA-* is not yet supported by OpenVPN Connect. ECDHE is ok, but ECDSA must be substituted with RSA.
An alternative is to remove this statement and let client and server negotiate the best cipher suite.
Hi @ordex
If I want to support ECDSA for iOS, do I need to modify the OpenVPN source? Or modify the configuration environment? Can you tell me the direction of ECDSA?
thank you..

ordex
OpenVPN Inc.
Posts: 444
Joined: Wed Dec 28, 2016 2:32 am
Location: IRC #openvpn-devel @ libera.chat

Re: OpenVPN 1.2.5 (iOS): ECDHE-ECDSA support

Post by ordex » Tue Jan 16, 2018 3:43 am

rcy1122 wrote:
Tue Jan 16, 2018 3:33 am
ordex wrote:
Tue Jan 09, 2018 3:47 pm
markhorrocks wrote:
Tue Jan 09, 2018 2:40 pm

tls-cipher TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384
*-ECDSA-* is not yet supported by OpenVPN Connect. ECDHE is ok, but ECDSA must be substituted with RSA.
An alternative is to remove this statement and let client and server negotiate the best cipher suite.
Hi @ordex
If I want to support ECDSA for iOS, do I need to modify the OpenVPN source? Or modify the configuration environment? Can you tell me the direction of ECDSA?
thank you..
Hi there and thanks for offering help!

At the moment we lack support for ECDSA in the core. Therefore the first step to take would be to implement ECDSA support in the openvpn3-core (https://github.com/OpenVPN/openvpn3) and ensure that all the inner components have what they need.

Once the openvpn3-core alone supports ECDSA, then *I think* that the iOS UI code won't need any change - but of course the app needs to be rebuilt using the new core.

rcy1122
OpenVpn Newbie
Posts: 8
Joined: Tue Jan 16, 2018 2:37 am

Re: OpenVPN 1.2.5 (iOS): ECDHE-ECDSA support

Post by rcy1122 » Tue Jan 16, 2018 6:06 am

Thank you for your reply, feel like doing a lot of things.

But why is ECDSA supported on Linux?

rcy1122
OpenVpn Newbie
Posts: 8
Joined: Tue Jan 16, 2018 2:37 am

Re: OpenVPN 1.2.5 (iOS): ECDHE-ECDSA support

Post by rcy1122 » Tue Jan 16, 2018 6:17 am

ordex wrote:
Tue Jan 16, 2018 3:43 am
rcy1122 wrote:
Tue Jan 16, 2018 3:33 am
ordex wrote:
Tue Jan 09, 2018 3:47 pm


*-ECDSA-* is not yet supported by OpenVPN Connect. ECDHE is ok, but ECDSA must be substituted with RSA.
An alternative is to remove this statement and let client and server negotiate the best cipher suite.
Hi @ordex
If I want to support ECDSA for iOS, do I need to modify the OpenVPN source? Or modify the configuration environment? Can you tell me the direction of ECDSA?
thank you..
Hi there and thanks for offering help!

At the moment we lack support for ECDSA in the core. Therefore the first step to take would be to implement ECDSA support in the openvpn3-core (https://github.com/OpenVPN/openvpn3) and ensure that all the inner components have what they need.

Once the openvpn3-core alone supports ECDSA, then *I think* that the iOS UI code won't need any change - but of course the app needs to be rebuilt using the new core.
Thank you for your reply, feel like doing a lot of things.

But why is ECDSA supported on Linux?

ordex
OpenVPN Inc.
Posts: 444
Joined: Wed Dec 28, 2016 2:32 am
Location: IRC #openvpn-devel @ libera.chat

Re: OpenVPN 1.2.5 (iOS): ECDHE-ECDSA support

Post by ordex » Tue Jan 16, 2018 8:24 am

rcy1122 wrote:
Tue Jan 16, 2018 6:17 am
Thank you for your reply, feel like doing a lot of things.

But why is ECDSA supported on Linux?
Are you talking about OpenVPN 2.x? If yes, that's a totally different code base (and yes, ECDSA is supported there).

OpenVPN Connect is based on OpenVPN3 (link to the repo in my previous post) which is a rewrite from scratch of the core component.
If you are interested, a Linux client using OpenVPN3 is currently under development (https://github.com/OpenVPN/openvpn3-linux), but can already be tested.

rcy1122
OpenVpn Newbie
Posts: 8
Joined: Tue Jan 16, 2018 2:37 am

Re: OpenVPN 1.2.5 (iOS): ECDHE-ECDSA support

Post by rcy1122 » Tue Jan 16, 2018 8:53 am

ordex wrote:
Tue Jan 16, 2018 8:24 am
rcy1122 wrote:
Tue Jan 16, 2018 6:17 am
Thank you for your reply, feel like doing a lot of things.

But why is ECDSA supported on Linux?
Are you talking about OpenVPN 2.x? If yes, that's a totally different code base (and yes, ECDSA is supported there).

OpenVPN Connect is based on OpenVPN3 (link to the repo in my previous post) which is a rewrite from scratch of the core component.
If you are interested, a Linux client using OpenVPN3 is currently under development (https://github.com/OpenVPN/openvpn3-linux), but can already be tested.
NO, I compiled https://github.com/OpenVPN/openvpn3 under Linux, and it is ok to log in with the ECDSA certificate.

Here's my code:

ECHO=1 PROF=linux ASIO_DIR=~/asio OPENSSL_SYS=1 LZ4_SYS=1 $O3/core/scripts/build cli

g++ -fwhole-program -O3 -Wall -Wno-sign-compare -Wno-unused-parameter -std=c++14 -Wl,--no-as-needed -Wno-unused-local-typedefs -Wno-unused-variable -Wno-shift-count-overflow -pthread -DUSE_OPENSSL -DUSE_ASIO -DASIO_STANDALONE -DASIO_NO_DEPRECATED -I/root/asio/asio/include -DHAVE_LZ4 -I/root/ovpn3/core cli.cpp -o cli -lssl -lcrypto -ldl -llz4

./cli -a -c yes myprofile.ovpn route-nopull --pk-password smpStPibfbuylxiVMr6ZMw49wuzsWynV8CvlC8XZcfs=

ordex
OpenVPN Inc.
Posts: 444
Joined: Wed Dec 28, 2016 2:32 am
Location: IRC #openvpn-devel @ libera.chat

Re: OpenVPN 1.2.5 (iOS): ECDHE-ECDSA support

Post by ordex » Tue Jan 16, 2018 8:56 am

rcy1122 wrote:
Tue Jan 16, 2018 8:53 am
NO, I compiled https://github.com/OpenVPN/openvpn3 under Linux, and it is ok to log in with the ECDSA certificate.

Here's my code:

ECHO=1 PROF=linux ASIO_DIR=~/asio OPENSSL_SYS=1 LZ4_SYS=1 $O3/core/scripts/build cli

g++ -fwhole-program -O3 -Wall -Wno-sign-compare -Wno-unused-parameter -std=c++14 -Wl,--no-as-needed -Wno-unused-local-typedefs -Wno-unused-variable -Wno-shift-count-overflow -pthread -DUSE_OPENSSL -DUSE_ASIO -DASIO_STANDALONE -DASIO_NO_DEPRECATED -I/root/asio/asio/include -DHAVE_LZ4 -I/root/ovpn3/core cli.cpp -o cli -lssl -lcrypto -ldl -llz4

./cli -a -c yes myprofile.ovpn route-nopull --pk-password smpStPibfbuylxiVMr6ZMw49wuzsWynV8CvlC8XZcfs=
Oh, ok. That wasn't clear.

I guess your client is working because it is using OpenSSL. We are much more focussed on developing on mbedTLS for embedded devices (and generally for clients), therefore the latter is what is shipped in OpenVPN Connect.

rcy1122
OpenVpn Newbie
Posts: 8
Joined: Tue Jan 16, 2018 2:37 am

Re: OpenVPN 1.2.5 (iOS): ECDHE-ECDSA support

Post by rcy1122 » Tue Jan 16, 2018 9:37 am

ordex wrote:
Tue Jan 16, 2018 8:56 am

Oh, ok. That wasn't clear.

I guess your client is working because it is using OpenSSL. We are much more focussed on developing on mbedTLS for embedded devices (and generally for clients), therefore the latter is what is shipped in OpenVPN Connect.
Yes, OpenSSL is used on Linux.
OK, back to iOS.
I know OpenVPN3 uses mbedTLS 2.6.0 and mbedTLS supports ECDSA (https://tls.mbed.org/core-features). But openvpn3 does not support ECDSA.
Last edited by rcy1122 on Tue Jan 16, 2018 9:53 am, edited 1 time in total.

ordex
OpenVPN Inc.
Posts: 444
Joined: Wed Dec 28, 2016 2:32 am
Location: IRC #openvpn-devel @ libera.chat

Re: OpenVPN 1.2.5 (iOS): ECDHE-ECDSA support

Post by ordex » Tue Jan 16, 2018 9:52 am

rcy1122 wrote:
Tue Jan 16, 2018 9:37 am
ordex wrote:
Tue Jan 16, 2018 8:56 am

Oh, ok. That wasn't clear.

I guess your client is working because it is using OpenSSL. We are much more focussed on developing on mbedTLS for embedded devices (and generally for clients), therefore the latter is what is shipped in OpenVPN Connect.
Yes, OpenSSL is used on Linux.
OK, back to iOS.
I know OpenVPN3 uses the mbedTLS server version and mbedTLS supports ECDSA (https://tls.mbed.org/core-features). But openvpn3 does not support ECDSA.
Right, we need to check what's missing in the mbedTLS backend in the ovpn3-core

rcy1122
OpenVpn Newbie
Posts: 8
Joined: Tue Jan 16, 2018 2:37 am

Re: OpenVPN 1.2.5 (iOS): ECDHE-ECDSA support

Post by rcy1122 » Tue Jan 16, 2018 10:04 am

ordex wrote:
Tue Jan 16, 2018 9:52 am

Right, we need to check what's missing in the mbedTLS backend in the ovpn3-core
I would like to confirm that you mean that the ovpn3-core will support ECDSA?
How long will it take?
I've been tossed around for a few days, and I really appreciate it.

ordex
OpenVPN Inc.
Posts: 444
Joined: Wed Dec 28, 2016 2:32 am
Location: IRC #openvpn-devel @ libera.chat

Re: OpenVPN 1.2.5 (iOS): ECDHE-ECDSA support

Post by ordex » Tue Jan 16, 2018 10:15 am

rcy1122 wrote:
Tue Jan 16, 2018 10:04 am
ordex wrote:
Tue Jan 16, 2018 9:52 am

Right, we need to check what's missing in the mbedTLS backend in the ovpn3-core
I would like to confirm that you mean that the ovpn3-core will support ECDSA?
How long will it take?
I've been tossed around for a few days, and I really appreciate it.
Yes, it will.
It's in the roadmap but we haven't made any plan yet, so can't say exactly.
For sure it's a wanted feature, so it may find some place on top of the list.

rcy1122
OpenVpn Newbie
Posts: 8
Joined: Tue Jan 16, 2018 2:37 am

Re: OpenVPN 1.2.5 (iOS): ECDHE-ECDSA support

Post by rcy1122 » Tue Jan 16, 2018 10:46 am

ordex wrote:
Tue Jan 16, 2018 10:15 am
rcy1122 wrote:
Tue Jan 16, 2018 10:04 am

I would like to confirm that you mean that the ovpn3-core will support ECDSA?
How long will it take?
I've been tossed around for a few days, and I really appreciate it.
Yes, it will.
It's in the roadmap but we haven't made any plan yet, so can't say exactly.
For sure it's a wanted feature, so it may find some place on top of the list.
Because I don't know when you can support it, is there any other way to support it?
On ovpn3-core, replace mbedTLS with OpenSSL, is that feasible? Or whatever

ordex
OpenVPN Inc.
Posts: 444
Joined: Wed Dec 28, 2016 2:32 am
Location: IRC #openvpn-devel @ libera.chat

Re: OpenVPN 1.2.5 (iOS): ECDHE-ECDSA support

Post by ordex » Tue Jan 16, 2018 10:49 am

rcy1122 wrote:
Tue Jan 16, 2018 10:46 am
Because I don't know when you can support it, is there any other way to support it?
On ovpn3-core, replace mbedTLS with OpenSSL, is that feasible? Or whatever
I don't think so, sorry.

rcy1122
OpenVpn Newbie
Posts: 8
Joined: Tue Jan 16, 2018 2:37 am

Re: OpenVPN 1.2.5 (iOS): ECDHE-ECDSA support

Post by rcy1122 » Tue Jan 16, 2018 10:58 am

ordex wrote:
Tue Jan 16, 2018 10:49 am
rcy1122 wrote:
Tue Jan 16, 2018 10:46 am
Because I don't know when you can support it, is there any other way to support it?
On ovpn3-core, replace mbedTLS with OpenSSL, is that feasible? Or whatever
I don't think so, sorry.
Can you support it in advance? It's important.
:lol: :lol: :lol:
Thank you for your reply, anyway.
