Orbi AX6000 vpn from linux: OpenSSL: error:0A00018F:SSL routines::ee key too small

Question

I'm encountered an issue connecting to the orbi from linux, specifically fedora 38.

Running `sudo openvpn --config ./smart_phone.ovpn`,
I get the an error `OpenSSL: error:0A00018F:SSL routines::ee key too small`

The system thinks the keys are too small and insecure for use and stops.

This works OK with other linux versions but Fedora 38 is being more pedantic.
I don't think it likes the 1024 bit RSA root certificate ( Asymmetric_algorithm_key_lengths )

I'm far from a security expert, but can anyone advise if this is secure or had any luck connecting to the orbi's vpn from Fedora.

~Adam

catch222 · Answer

In fedora i need to explicitly allow this legacy cipher

```
sudo openvpn --config ./smart_phone.ovpn --tls-cipher TLS-DHE-RSA-WITH-AES-128-CBC-SHA
```

Other links
https://ciphersuite.info/cs/TLS_DHE_RSA_WITH_AES_128_CBC_SHA/

https://csrc.nist.gov/csrc/media/projects/key-management/documents/transitions/transitioning_cryptoalgos_070209.pdf

catch222 · Answer

I've contacted support about this issue. In the hope they might bump up the keys to 2048 bits as has been the NIST recommendation since 2015.

I'm surprised to learn the SRK80 is EOL, and won't be receiving further updates.

Having just purchased this device in the last week AND not finding any mention of this on the netgear website, I'm a fairly unhappy customer.

https://www.netgear.com/support/product/sxk80

Forum Discussion

Orbi AX6000 vpn from linux: OpenSSL: error:0A00018F:SSL routines::ee key too small

2 Replies

Related Content

OpenSSL Upgrade

OpenSSL 1.1.1

OpenSSL 3.0 support?

R6400v2 OpenSSL VPN Error Ubuntu

ROS 6, OpenSSL, and package updates?

NETGEAR Academy

ProSupport for Business