How secure is OpenSSL? How different, in terms of security, are paid VPNs with respect to open-source VPNs?

I’m just approaching the “world” of VPNs, which I was thinking of using for my app in order to enhance its information security among users. I came across this interesting project, tinc-VPN, an open-source VPN project which, based on the documentation, uses OpenSSL for its encryption activities. So the questions I pose to you are:

1) How secure is OpenSSL, since it uses both SSL and TLS, and since, for example, in the Ubuntu package repository we can find bruteforce-salted-openssl, a package to find the passphrase for files encrypted with OpenSSL? The explanations found here (is OpenSSL secure enough) are helpful but not conclusive.

2) How different, in terms of security, are paid VPNs with respect to open-source VPNs?

Thanks in advance. Marco

openSSL 1.1.1 and libSSL package

I want to use OpenSSL version 1.1.1 for my code development. Currently I am working with OpenSSL 1.1.0g on an Ubuntu 18.04 machine.

If I install the package with the command sudo apt install libssl-dev, then I get OpenSSL version 1.1.0g.

If I install the package with the command sudo apt install libssl1.0-dev, then I get OpenSSL version 1.0.2n.

How can I download OpenSSL 1.1.0 and the libssl package?

Note: I don't want to download the OpenSSL package separately and build it externally. I am supposed to download it through an Ubuntu package.

Verify PKCS#7 (CMS) detached signature with timestamp with OpenSSL

I have a PKCS#7 (i.e., CMS) detached signature of a file that is signed by my signing certificate and then timestamp signed by a TSA, all generated by an application we wrote. I would like to give a third party the original data file and the detached signature file and have the third party verify the signature and trusted timestamp with readily available tools. Assuming the third party already has the CA certs that make up the chains for my signing certificate and the TSA, what OpenSSL commands should I tell the third party to run to do the following:

  1. Validate the signature against the file and verify that the signing certificate chains up to a trusted root (can ignore revocation)
  2. Verify that the CMS data is timestamped via a trusted TSA
  3. Extract the TSA-signed timestamp from the CMS and print it in a human readable format

I am pretty sure #1 can be accomplished by executing the following command:

openssl cms -verify -in cms_file -content data_file -inform DER -CApath path_to_ca_certs

but I would like verification on that. Also, what commands should be used to perform #2 and #3?

How to clean my OpenSSL installation

I use Ubuntu 18.04. It was shipped with OpenSSL 1.1.0g. I tried to link a manually compiled Python to a manually compiled OpenSSL 1.1.1a, but things do not seem to work well. When I now run Python it is automatically linked to OpenSSL 1.1.1a. I want to revert this. I want to restore OpenSSL 1.1.0g as the default library for my system and my system’s installed Python. When I check my system’s OpenSSL version I get:

OpenSSL 1.1.0g  2 Nov 2017 (Library: OpenSSL 1.1.1a  20 Nov 2018) 

When I check:

whereis openssl 

I get:

openssl: /usr/bin/openssl /usr/include/openssl /usr/local/openssl /usr/local/openssl/bin/openssl /usr/share/man/man1/openssl.1ssl.gz 

How can I remove OpenSSL 1.1.1a and just leave the system’s OpenSSL 1.1.0g? How can I make Python link to OpenSSL 1.1.0g? Any Python is linked to OpenSSL 1.1.1a now.

Using PSK between an openssl server and client

I’m trying to create a connection between an openssl server and client on my machine using ECDHE-PSK-AES256-CBC-SHA384. What am I doing wrong with these commands?

openssl s_server -cipher ECDHE-PSK-AES256-CBC-SHA384 -nocert -psk 123456
openssl s_client -psk 123456

It seems to use the PSK in some way, as the connection fails if I change the PSK, but the cipher used seems to be TLS_CHACHA20_POLY1305_SHA256.

How can I force the use of ECDHE-PSK-AES256-CBC-SHA384?

openssl: Allow usage of insecure client certs

I have an application which was distributed looooong ago. That application offers an HTTPS interface to clients with client certificate authentication. At the time the application was released, providing certificates with a 1024-bit key length was probably OK. Although we always advised customers to update the default cert with their own PKI, most of them are just using the default one, so I have thousands of instances running like this. Now I need to write a client (in Python) to query that application. This client will run on more modern Linux distros where libs and client apps are compiled against OpenSSL 1.1.1a. As a result I always get the error below when trying to access the HTTPS interface using the weak default client cert: OpenSSL error:

140AB18F:SSL routines:SSL_CTX_use_certificate:ee key too small 

Running the same code on older distros (with older OpenSSL) or using an application compiled against GnuTLS works OK.

A few questions:

  • Am I right in thinking this is a limitation introduced for security reasons in OpenSSL?
  • If so, when was it introduced?
  • Is there a way to disable this check? (preferably without recompiling client libs)

Trying to understand/use openssl for decryption

There are many questions around this topic, but I haven’t found one that explains exactly my issue.

I am encrypting data with AES 128 CBC, but using Python and pycryptodome (I should have used the Python OpenSSL bindings, but couldn’t find them) and specifying the key and IV (which is generally random). So, the key is not salted.

When I try using openssl 1.1.0g with ... | openssl enc -aes128 -d -K <key> -iv <initialization vector>, the operation fails with the ‘digital envelope’ failure after decrypting most of the string. If I add ‘-nopad’, then it works completely, without error. The output difference is 11 bytes.

The original input is padded with binary 0s to a multiple of 16 bytes before encrypting, the encrypted string is converted to hex, then the hex iv is prepended and everything is base64 encoded.

Can anyone shed any light on why I need the -nopad option? I thought that with the -K and -iv options, openssl wouldn’t process the salt at all for the decryption.
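An added example, not part of the original question, that reproduces the behaviour described above with a constructed key, IV and message (all assumptions of this sketch). By default openssl enc -d expects the final block to end in PKCS#7 padding, so plaintext padded with zero bytes fails that check unless -nopad is given; -K and -iv only remove the salt handling, not the padding check.

```shell
#!/bin/sh
# Constructed key and IV (hex); not values from the original post.
KEY=00112233445566778899aabbccddeeff
IV=0102030405060708090a0b0c0d0e0f10
MSG='twenty bytes of text'   # 20 bytes, so 12 padding bytes reach 32

# Zero-pad MSG to 32 bytes and encrypt with OpenSSL's own padding disabled,
# which is what the application in the post effectively produces.
encrypt_zero_padded() {
    { printf '%s' "$MSG"; head -c 12 /dev/zero; } |
        openssl enc -aes-128-cbc -nopad -K "$KEY" -iv "$IV" -out "$1"
}

# Encrypt MSG and let OpenSSL append its default PKCS#7 padding instead.
encrypt_pkcs7() {
    printf '%s' "$MSG" | openssl enc -aes-128-cbc -K "$KEY" -iv "$IV" -out "$1"
}

# Default decryption: the last block must end in valid PKCS#7 padding.
decrypt_default() {
    openssl enc -d -aes-128-cbc -K "$KEY" -iv "$IV" -in "$1" 2>/dev/null
}

# -nopad skips the padding check and returns every byte, zeros included.
decrypt_nopad() {
    openssl enc -d -aes-128-cbc -nopad -K "$KEY" -iv "$IV" -in "$1"
}

demo() {
    dir=$(mktemp -d)
    encrypt_zero_padded "$dir/zero.bin"
    encrypt_pkcs7 "$dir/pkcs7.bin"
    if decrypt_default "$dir/zero.bin" >/dev/null; then
        echo "zero-padded, default: ok"
    else
        echo "zero-padded, default: bad decrypt"
    fi
    echo "zero-padded, -nopad: $(decrypt_nopad "$dir/zero.bin" | wc -c) bytes"
    echo "pkcs7, default: $(decrypt_default "$dir/pkcs7.bin")"
    rm -rf "$dir"
}
demo
```

A zero-padded final block always ends in 0x00, which is never a valid PKCS#7 pad length, so the default decryption cannot succeed by accident.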

Are there any OpenVPN 2.4.7 Windows builds compiled against OpenSSL 1.1.1 for TLS1.3 support? [on hold]

As of February 2019, the OpenVPN 2.4.7 Windows default build is compiled against OpenSSL 1.1.0j. As a result, it seems not to support TLS 1.3 yet. (The tls-version-min 1.3 and tls-ciphersuites commands are unavailable.)

I wonder whether there are any OpenVPN 2.4.7 Windows builds that support TLS 1.3?
