ERROR: client.key is a known vulnerable key. See ‘man openssl-vulnkey’ for details.

After the crypto bug got fixed in debian (and the system got updated via apt) it would prompt one for regeneration of certificates.

what i forgot all about, was that of course OpenVPN was affected by this aswell, so after the update and a reboot, all my vpn connections died suddenly.

as far as i know, theres no other way to fix this, other than generating new keys, (ca, dh, all of it) since the openvpn server itself wont work anymore.

however, a temp solution until one gets time to generate new keys and certificates could be….

sudo mv /usr/sbin/openssl-vulnkey /usr/sbin/openssl-vulnkey.bak

$ sudo mv /usr/sbin/openvpn-vulnkey /usr/sbin/openvpn-vulnkey.bak

$ sudo ln -s /bin/true /usr/sbin/openssl-vulnkey

OpenVPN will now start with the naughty keys and you can at least update the keys.

This entry was posted on July 15, 2008, 12:47 pm and is filed under apt, debian, linux, network. You can follow any responses to this entry through RSS 2.0. You can leave a response, or trackback from your own site.

www.annoying.dk

yet another useless blog

ERROR: client.key is a known vulnerable key. See ‘man openssl-vulnkey’ for details.

No comments yet.

Recent Comments