crypto_alg: SHA3-512: not found

Posted: Thu Aug 19, 2021 11:43 am
by Torsten Robitzki
Hi,
while importing an .OVPN profile given by a customer, I receive the error message: "crypto_alg: SHA3-512: not found". How would I add support for that hash function to OpenVPN and/or to my macOS installation?

thanks in advance and best regards,

Torsten

Re: crypto_alg: SHA3-512: not found

Posted: Tue Aug 24, 2021 8:10 am
by Torsten Robitzki
Looks like OpenVPN is based on openssl, which by default seems to be libressl on macOS. After installing openssl using brew, I see that openssl has the SHA3-512 algorithm. But I can't convince OpenVPN Connect to use that library.

Re: crypto_alg: SHA3-512: not found

Posted: Mon Aug 30, 2021 12:12 pm
by openvpn_inc
Hello,

OpenVPN Connect only supports the commonly used algorithms, not all that exist out there. SHA3 is not on that list, and probably won't be added either, because we're focusing more on AEAD ciphers which don't use the --auth directive. Simply put, the signing/validating of packets is part of the AEAD type ciphers already and doesn't need to occur separately like with CBC ciphers. Connect tries to upgrade to using AEAD ciphers by default. If you see in the logs 'AES-256-GCM' for example as cipher being used, that's an AEAD type cipher.

It is also questionable how much use it is to use SHA3 over SHA1 for the purpose of signing/validating packets if you ignore the whole AEAD thing. It would severely negatively impact your speed at little to no additional benefit with regard to security.

Kind regards,
Johan
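
The relationship between `--auth` and AEAD ciphers described in the reply above can be checked on a profile before import. This is an added example, not part of the original thread and not OpenVPN code. The function names, the sample profile, and the conservative rule that any listed non-AEAD cipher might be negotiated are assumptions; the SHA1 default and the use of the `--auth` digest by `tls-auth` follow the OpenVPN manual.

```python
# Added example: report whether the `auth` digest in an .ovpn profile can matter.
AEAD_CIPHERS = {"AES-128-GCM", "AES-192-GCM", "AES-256-GCM", "CHACHA20-POLY1305"}

# Constructed sample profile (not the customer's profile from the thread).
SAMPLE_PROFILE = """\
client
remote vpn.example.com 1194 udp
cipher AES-256-CBC
data-ciphers AES-256-GCM:AES-128-GCM
auth SHA3-512
<tls-crypt>
(key material omitted)
</tls-crypt>
"""

def parse_profile(text):
    """Map each directive to its arguments; contents of inline <tag> blocks are skipped."""
    opts, inline = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if inline:                      # inside an inline block: wait for its close
            if line == f"</{inline}>":
                inline = None
            continue
        if line.startswith("<") and line.endswith(">"):
            inline = line[1:-1]
            opts[inline] = []           # record that e.g. tls-auth / tls-crypt is present
            continue
        parts = line.split()
        opts[parts[0].lstrip("-")] = parts[1:]
    return opts

def audit_auth(text):
    opts = parse_profile(text)
    digest = (opts.get("auth") or ["SHA1"])[0].upper()   # SHA1 is the documented default
    offered = []
    for key in ("data-ciphers", "ncp-ciphers"):          # colon-separated negotiation lists
        if opts.get(key):
            offered += opts[key][0].upper().split(":")
    if opts.get("cipher"):
        offered.append(opts["cipher"][0].upper())
    non_aead = [c for c in offered if c not in AEAD_CIPHERS]
    return {
        "auth": digest,
        "non_aead_ciphers": non_aead,
        # Assumption: treat the digest as possibly used if any non-AEAD cipher
        # is listed, or if the profile lists no cipher at all (client default applies).
        "data_channel_hmac_possible": bool(non_aead) or not offered,
        "tls_auth_uses_digest": "tls-auth" in opts,      # tls-auth HMAC uses the --auth digest
    }
```

When both `data_channel_hmac_possible` and `tls_auth_uses_digest` come back false, the profile never relies on the `auth` digest, so the server operator can drop or change the line without affecting packet authentication.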