Cannot use longer RSA key at OpenVPN for Android 10

zentavr · Post by **zentavr** » Wed Feb 05, 2020 5:00 pm

Hello,

I have Android 10 at my Google's Pixel 3 and I'm not able to use the keys which are longer than 4k. iOS client "eats" even 8k key.

I wonder what could be the problem?

Code: Select all

18:28:38.987 -- ----- OpenVPN Start -----

18:28:38.987 -- EVENT: CORE_THREAD_ACTIVE

18:28:38.990 -- OpenVPN core 3.git::728733ae:Release android arm64 64-bit PT_PROXY built on Aug 14 2019 14:13:26

18:28:39.044 -- Frame=512/2048/512 mssfix-ctrl=1250

18:28:39.044 -- UNUSED OPTIONS
3 [resolv-retry] [infinite] 
4 [persist-key] 
5 [persist-tun] 
7 [verb] [3] 

18:28:39.045 -- EVENT: RESOLVE

18:28:39.046 -- Contacting a.b.c.242:1194 via UDP

18:28:39.046 -- EVENT: WAIT

18:28:39.050 -- Connecting to [a.b.c.242]:1194 (a.b.c.242) via UDPv4

18:28:39.429 -- EVENT: CONNECTING

18:28:39.431 -- Tunnel Options:V4,dev-type tun,link-mtu 1521,tun-mtu 1500,proto UDPv4,cipher AES-256-GCM,auth SHA1,keysize 256,key-method 2,tls-client

18:28:39.431 -- Creds: UsernameEmpty/PasswordEmpty

18:28:39.431 -- Peer Info:
IV_GUI_VER=OC30Android
IV_VER=3.git::728733ae:Release
IV_PLAT=android
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2
IV_AUTO_SESS=1


18:28:39.942 -- VERIFY OK : depth=1
cert. version     : 3
serial number     : 25:71:6F:0A:23:14:3A:F9
issuer name       : C=US, ST=California, L=San Francisco, O=TI Org, OU=Infrastructure Dept, CN=Root Certificate
subject name      : CN=RS VPN Infrastructure Certification Authority
issued  on        : 2019-03-05 17:24:36
expires on        : 2029-03-02 17:24:36
signed using      : RSA with SHA-256
RSA key size      : 2048 bits
basic constraints : CA=true, max_pathlen=0
key usage         : Digital Signature, Key Cert Sign, CRL Sign


18:28:39.943 -- VERIFY OK : depth=0
cert. version     : 3
serial number     : 6F:C9:DD:B2:61:95:EC:24
issuer name       : CN=RS VPN Infrastructure Certification Authority
subject name      : CN=ovpn.ti.local, C=MX
issued  on        : 2020-01-02 14:20:45
expires on        : 2022-01-01 14:20:45
signed using      : RSA with SHA-256
RSA key size      : 8192 bits
basic constraints : CA=false
subject alt name  : ovpn.ti.local
key usage         : Digital Signature, Key Encipherment
ext key usage     : TLS Web Client Authentication, ???, TLS Web Server Authentication


18:28:40.040 -- EVENT: EPKI_INVALID_ALIAS info='RS VPN Cert zentavr'

18:28:40.041 -- EVENT: EPKI_ERROR info='javax.crypto.IllegalBlockSizeException'

18:28:40.041 -- MbedTLSContext::epki_sign exception: ssl_external_pki: MbedTLS: could not obtain signature

18:28:40.041 -- Client exception in transport_recv_excode: mbed TLS: SSL read error : RSA - Bad input parameters to function

18:28:40.042 -- EVENT: DISCONNECTED

18:28:40.042 -- Tunnel bytes per CPU second: 0

18:28:40.042 -- ----- OpenVPN Stop -----