From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on sa.local.altlinux.org X-Spam-Level: X-Spam-Status: No, score=-3.3 required=5.0 tests=BAYES_00,RP_MATCHES_RCVD autolearn=ham autolearn_force=no version=3.4.1 Date: Wed, 4 Sep 2019 09:36:45 +0200 From: Konstantin Lepikhov To: ALT Linux sysadmins' discussion Message-ID: <20190904073644.GA32096@lks.home> References: <40808878-0e05-c465-f9f5-cb28d0e0598d@mail.ru> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <40808878-0e05-c465-f9f5-cb28d0e0598d@mail.ru> X-Operation-System: ALT Sisyphus Sisyphus (unstable) (sisyphus) 5.2.0-lks-wks-alt0.3 User-Agent: Mutt/1.10.1 (2018-07-13) Subject: Re: [Sysadmins] p8 -> p9 X-BeenThere: sysadmins@lists.altlinux.org X-Mailman-Version: 2.1.12 Precedence: list Reply-To: ALT Linux sysadmins' discussion List-Id: ALT Linux sysadmins' discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 04 Sep 2019 07:36:51 -0000 Archived-At: List-Archive: Hi Vladimir! On 09/03/2019, at 07:51:46 PM you wrote: > Здравствуйте! > > Пытаюсь обновиться. > > 1. Отвалился OpenVPN из-за слабости сертификата: > OpenSSL: error:140AB18E:SSL routines:SSL_CTX_use_certificate:ca md too weak > Безопасность, это хорошо, но не имея возможности подключиться к серверу, > исправить это точно не получится. Как можно временно понизить этот уровень > безопасности? https://github.com/OpenVPN/openvpn-gui/issues/229 ... > try to convince the server admin to upgrade the server certificate. No > excuse for using MD5 in certificates. If that is not an option you could > run with --tls-cipher DEFAULT:@SECLEVEL=0, but its not recommended. -- WBR et al.