action #155920

closed

[security][15-SP6] test fails in openvpn_server due to unsupported cipher

Added by emiler 3 months ago. Updated 2 months ago.

Status: Resolved
Priority: Normal
Assignee:
Category: Bugs in existing tests
Target version: -
Start date: 2024-02-23
Due date:
% Done: 100%
Estimated time: 8.00 h
Difficulty:
Tags:

Description

openQA test in scenario sle-15-SP6-Online-x86_64-fips_tests_crypt_openvpn_server@64bit fails in openvpn_server

The OpenVPN service fails to start:

× openvpn@static.service - OpenVPN tunneling daemon instance using /etc/openvpn/static.conf
     Loaded: loaded (/usr/lib/systemd/system/openvpn@.service; disabled; preset: disabled)
     Active: failed (Result: exit-code) since Mon 2024-02-19 13:50:25 EST; 12ms ago
   Duration: 3ms
    Process: 2924 ExecStart=/usr/sbin/openvpn --daemon openvpn@static --writepid /run/openvpn/static.pid --cd /etc/openvpn/ --config static.conf (code=exited, status=1/FAILURE)
   Main PID: 2924 (code=exited, status=1/FAILURE)
     Status: "Pre-connection initialization successful"
        CPU: 8ms

Feb 19 13:50:25 server systemd[1]: Starting OpenVPN tunneling daemon instance using /etc/openvpn/static.conf...
Feb 19 13:50:25 server openvpn@static[2924]: DEPRECATED OPTION: The option --secret is deprecated.
Feb 19 13:50:25 server openvpn@static[2924]: DEPRECATION: No tls-client or tls-server option in configuration detected. OpenVPN 2.7 will remove the functionality to run a VPN without TLS. See the examples section in the manual page for examples of a similar quick setup with peer-fingerprint.
Feb 19 13:50:25 server openvpn@static[2924]: OpenVPN 2.6.8 x86_64-suse-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD]
Feb 19 13:50:25 server openvpn@static[2924]: library versions: OpenSSL 3.1.4 24 Oct 2023, LZO 2.10
Feb 19 13:50:25 server systemd[1]: Started OpenVPN tunneling daemon instance using /etc/openvpn/static.conf.
Feb 19 13:50:25 server openvpn@static[2924]: Cipher BF-CBC not supported
Feb 19 13:50:25 server openvpn@static[2924]: Exiting due to fatal error
Feb 19 13:50:25 server systemd[1]: openvpn@static.service: Main process exited, code=exited, status=1/FAILURE
Feb 19 13:50:25 server systemd[1]: openvpn@static.service: Failed with result 'exit-code'.

It seems like new versions (perhaps OpenSSL 3 migration?) do not support the BF-CBC cipher. We might need to update our test data.
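
A preflight check for the failure in the log above, as an added example that is not part of the original ticket or of the openQA test code: it works out which cipher a static-key config would use and checks it against the cipher list the local build offers. It assumes that a config using secret with no cipher line falls back to BF-CBC (consistent with the log, although the page does not show static.conf); the function names, the sample configs and the sample cipher list are constructed.

```shell
#!/bin/sh
# Added example (not from the ticket): does the build support the cipher
# that an OpenVPN static-key config will actually use?

# Print the effective cipher of a config passed as text.
# Assumption: with no "cipher" line, static-key mode falls back to BF-CBC.
# If the directive is repeated, this sketch keeps the last occurrence.
effective_cipher() {
    printf '%s\n' "$1" | awk '
        { sub(/[#;].*/, "") }                  # drop config comments
        $1 == "cipher" && NF >= 2 { c = $2 }
        END { print (c == "" ? "BF-CBC" : toupper(c)) }'
}

# Succeed if cipher $1 is the first field of some line in list $2
# (the layout printed by "openvpn --show-ciphers").
cipher_supported() {
    printf '%s\n' "$2" | awk -v want="$1" '
        toupper($1) == toupper(want) { found = 1 }
        END { exit(found ? 0 : 1) }'
}

# Print "OK <cipher>" or "FAIL <cipher>"; return non-zero on FAIL.
check_config() {
    c=$(effective_cipher "$1")
    if cipher_supported "$c" "$2"; then
        echo "OK $c"
    else
        echo "FAIL $c"
        return 1
    fi
}

# Constructed samples: a cipher list without Blowfish, and two configs.
SAMPLE_SUPPORTED='AES-128-CBC  (128 bit key, 128 bit block)
AES-256-CBC  (256 bit key, 128 bit block)'
SAMPLE_CONF_DEFAULT='dev tun
secret static.key'
SAMPLE_CONF_PINNED='dev tun
secret static.key
# explicit cipher that appears in the sample list
cipher AES-256-CBC'

check_config "$SAMPLE_CONF_DEFAULT" "$SAMPLE_SUPPORTED" || true
check_config "$SAMPLE_CONF_PINNED" "$SAMPLE_SUPPORTED"
```

On a real host, pass the contents of the config file and the output of openvpn --show-ciphers in place of the two samples.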
