Cipher missing from server post Server Certificate renewal
-
@prashant-joshi At this point of the head-scratching process, I would reinstall (remove and install) the OpenVPN package manually via cli.
-
@Gertjan are you really on 23.05.1 ? I would move to current supported version 23.09.1 - there has been multiple changes, big one is jump to open ssl3, and I know the openvpn version has also been updated.
23.05.1 is no longer on the supported list.
If it was me, I would upgrade to current, and if your certs are still not working... Create new..
An intelligent man is sometimes forced to be drunk to spend time with his fools
If you get confused: Listen to the Music Play
Please don't Chat/PM me for help, unless mod related
SG-4860 24.11 | Lab VMs 2.8, 24.11 -
@johnpoz We tried TS via anydesk (as securely as possible...) and in the end, it was throwing the "libssl.so.30 not found" error. In about 3 hours (when their workplace will empty) they will attempt the update.
I wonder why I was spared from that when I updated, with my 2+ year old certs... Maybe because I have everything ECDSA.
-
@NightlyShark said in Cipher missing from server post Server Certificate renewal:
ECDSA
I am pretty much exclusively using those.. I just created a couple for my new cams I got.. I might have some older but have started using those for the last few years.. And using those for my openvpn stuff.
An intelligent man is sometimes forced to be drunk to spend time with his fools
If you get confused: Listen to the Music Play
Please don't Chat/PM me for help, unless mod related
SG-4860 24.11 | Lab VMs 2.8, 24.11 -
@johnpoz And... a little bird told me that the only secure curve that was not recommended by certain people that are known to be allergic to public encryption (caugh, PRISM!, caugh) was secp521r1...
-
@johnpoz That little bird is google, ok? hahaha
-
@NightlyShark said in Cipher missing from server post Server Certificate renewal:
"libssl.so.30 not found"
That's your system telling you : don't stay on older versions of pfSense. Upgrade to the actual version (23.09.1) asap and you'll be fine.
And note somewhere for the future : "never ever upgrade / install / 'do things with' packages before you've upgrade pfSense to the latest available version first". -
@Gertjan It's not my system... Not my thread, even. I just talk too much, hahaha.
-
@johnpoz said in Cipher missing from server post Server Certificate renewal:
@Gertjan are you really on 23.05.1 ?
Me ? Your kidding. 23.05.1 was ok, probably, I don't remember, 23.09.1 is pretty rock solid (for me). "VPN" (server) works well.
My bird says : if update is available, let the dust settle for a couple of days, and then click : upgrade.Btw : I've still my 10 years certs in service :
Total Lifetime: 3650 days
Lifetime Remaining: 1027 days until expirationThese were the less secure days I guess ...
-
@Gertjan @NightlyShark Thanks for your support and advice. Post version upgrade the issue was resolved.
Things are in control now and working well...
Once again thank you everyone.....
