MD5 signature algorithm support
It has been known for a very long time (since 2005 or so) that using MD5 as the algorithm for signing a certificate is a bad idea. It has been shown that, with what was at the time standard home computer equipment, it took about 8 hours to falsify a certificate signed this way, so the identity of the server could be faked. This could enable a man-in-the-middle (MITM) attack and, with it, interception of traffic. MD5 support has therefore been kept around only to allow connections to older equipment. When we tried to cut support in November of 2017, during a security and functionality upgrade of OpenVPN Connect for Android, we discovered that a lot of people were still using devices that use MD5-signed certificates. This is extremely insecure. We recommend that any installation that still uses MD5-signed certificates be converted to a setup with SHA256-signed certificates, or better. If the device you are using does not offer the option to do so, try updating the device to add this function if possible, or replace the device with a solution that does support it.
We have therefore decided to implement a transitional period in which we will still allow MD5 signed certificates to function, until May 2018, when we will start cutting support for MD5 out of OpenVPN entirely. You should plan accordingly. We have a list of deprecated options and ciphers here: https://community.openvpn.net/openvpn/wiki/DeprecatedOptions
To learn why MD5 signatures are bad, see these articles:
- https://tools.ietf.org/html/rfc6151#section-2
- https://eprint.iacr.org/2005/067.pdf
- https://eprint.iacr.org/2005/102.pdf
To determine whether you are currently using an MD5-signed certificate, use openssl as a testing tool:
openssl x509 -in ca.crt -noout -text | grep "Signature Algorithm"
Example result if the certificate is signed using MD5:
Signature Algorithm: md5WithRSAEncryption
If you see this result on the CA certificate or client certificate, then you must convert to a new, properly secure certificate set signed with SHA256 or better. For our OpenVPN Access Server users, it is good to know that we do not use MD5 certificate signatures at all in Access Server. If you use open source OpenVPN, or a third-party device that includes OpenVPN functionality, and you discover that you have MD5-signed certificates, you should investigate the option to update the software on your device, or to change the signature algorithm type, if possible. If that is not possible, you could try contacting the manufacturer of your device to see whether they still support it and whether they can provide a means to replace the certificates with properly secure ones.
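The openssl command above reports only the first certificate in the file it is given. The script below is an added example, not code from the original page or the OpenVPN project: it applies the same check to every PEM certificate in each file, so the CA and client certificates in a bundle or inline in a profile are both covered. The function names and the file name client.ovpn are assumptions.

```sh
#!/bin/sh
# Added example, not OpenVPN project code.

# Print the signature algorithm of every PEM certificate in file $1, one per
# line. Each BEGIN/END CERTIFICATE block is handed to openssl on its own, so
# bundles and profiles with inline <ca>/<cert> blocks are fully covered.
cert_sigalgs() {
  awk '
    /-----BEGIN CERTIFICATE-----/ { grab = 1; pem = "" }
    grab { pem = pem $0 "\n" }
    /-----END CERTIFICATE-----/ && grab {
      grab = 0
      cmd = "openssl x509 -noout -text 2>/dev/null"
      cmd = cmd " | sed -n \"/Signature Algorithm: /{s/.*: *//p;q;}\""
      printf "%s", pem | cmd
      close(cmd)
    }' "$1"
}

# Succeed if the algorithm name is MD5-based, e.g. md5WithRSAEncryption.
is_md5_sigalg() {
  case $(printf '%s' "$1" | tr '[:upper:]' '[:lower:]') in
    *md5*) return 0 ;;
    *) return 1 ;;
  esac
}

# Report every certificate in the given files; return 1 if any is MD5-signed.
audit_certs() {
  rc=0
  for f in "$@"; do
    n=0
    for alg in $(cert_sigalgs "$f"); do
      n=$((n + 1))
      if is_md5_sigalg "$alg"; then
        echo "$f: certificate #$n: $alg (MD5-signed, replace)"
        rc=1
      else
        echo "$f: certificate #$n: $alg"
      fi
    done
    [ "$n" -gt 0 ] || echo "$f: no PEM certificate found"
  done
  return "$rc"
}

# Example: sh audit.sh ca.crt client.ovpn   (client.ovpn is an assumed name)
if [ "$#" -gt 0 ]; then audit_certs "$@"; fi
```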
The default settings of a program like EasyRSA 3, which is used by open source OpenVPN for generating client certificates and keys, are pretty secure and will generate certificates that are not signed with MD5.