tls-cipher parameter is being autoremoved?
I'm trying to deal with some problems with servers signed with old SHA1 certificates (corporate networks which aren't going to change). Everything works except TLS validation - which values with "CA signature digest algorithm too weak" (this is Ubuntu 22.04) due to the SHA1 signature.
This should be resolvable by adding --tls-cipher=DEFAULT:@SECLEVEL=0
to the OpenVPN command, and the code seems to support this. But when I actually trigger NetworkManager, the nmconnection file gets re-written to remove the tls-cipher
specification silently, and openvpn is launched without it.
I can work around this by editing the file, marking the vpn.nmconnection file as read-only to root, and it seems to prevent it - but this seems ridiculous.
My thought on this is something about how NetworkManager is triggering the connection might be round-tripping the parameters through the UI, which does not have this parameter?
Package details follow:
Package: network-manager-openvpn
Architecture: amd64
Version: 1.8.18-1
Priority: optional
Section: net
Origin: Ubuntu
Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
Original-Maintainer: Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>
Bugs: https://bugs.launchpad.net/ubuntu/+filebug
Installed-Size: 272
Depends: libc6 (>= 2.34), libglib2.0-0 (>= 2.35.9), libnm0 (>= 1.7.0), network-manager, openvpn, adduser
Filename: pool/main/n/network-manager-openvpn/network-manager-openvpn_1.8.18-1_amd64.deb
Size: 55750
MD5sum: 1df9c8504faab377cd52286bfb15ee7c
SHA1: ec1d10cb18df9e4f82b362dae8d7e1558ef0fada
SHA256: 72ba03c9463a9ea079dbcfbd1f7a8cab1f69e5510a0ceca5fb6a239997db0975
SHA512: 5916160cba5a89c6ad4f4f5ab7e4877559c14ab9c80b8134527cd6c51737f6351163b052a3fb4f2a368caedd67ac8f2224169b2a53485343034befc449aa574b
Homepage: https://www.gnome.org/projects/NetworkManager/
Description-en: network management framework (OpenVPN plugin core)
NetworkManager is a system network service that manages your network devices
and connections, attempting to keep active network connectivity when
available. It manages ethernet, Wi-Fi, mobile broadband (WWAN), and PPPoE
devices, and provides VPN integration with a variety of different VPN
services.
.
This package provides a VPN plugin for OpenVPN.
Description-md5: 7eae1b400dc40adcca1f940605a94dec
Task: ubuntu-desktop-minimal, ubuntu-desktop, ubuntu-mate-core, ubuntu-mate-desktop, ubuntu-budgie-desktop, ubuntu-budgie-desktop-raspi
Package: network-manager-openvpn-gnome
Architecture: amd64
Version: 1.8.18-1
Priority: optional
Section: net
Source: network-manager-openvpn
Origin: Ubuntu
Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
Original-Maintainer: Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>
Bugs: https://bugs.launchpad.net/ubuntu/+filebug
Installed-Size: 287
Depends: libc6 (>= 2.34), libglib2.0-0 (>= 2.34), libgtk-3-0 (>= 3.4), libnm0 (>= 1.7.0), libnma0 (>= 1.8.0), libsecret-1-0 (>= 0.18), network-manager-openvpn (= 1.8.18-1)
Filename: pool/main/n/network-manager-openvpn/network-manager-openvpn-gnome_1.8.18-1_amd64.deb
Size: 48798
MD5sum: a8fdadd6165c90239347f941b2a65555
SHA1: 548f28f909e665145b91abd4cc18533774aec59e
SHA256: 7e615e243e9df013b57581411a0cf05097336ec01e168d69f3c72a805957bf81
SHA512: e09bfc8f1cc261ed1e7e4940195f2962154d47ee96ecd718a885903cff82df9122fe52995a5a4c5967b5149d828e52e7c2136162b5e7a250917a0633a25a99d2
Homepage: https://www.gnome.org/projects/NetworkManager/
Description-en: network management framework (OpenVPN plugin GNOME GUI)
NetworkManager is a system network service that manages your network devices
and connections, attempting to keep active network connectivity when
available. It manages ethernet, Wi-Fi, mobile broadband (WWAN), and PPPoE
devices, and provides VPN integration with a variety of different VPN
services.
.
This package provides the GNOME bits of NetworkManager's OpenVPN plugin.
Description-md5: 811f2c881f50e2e963e4b1b3e32014a3
Task: ubuntu-desktop-minimal, ubuntu-desktop, ubuntu-mate-core, ubuntu-mate-desktop, ubuntu-budgie-desktop, ubuntu-budgie-desktop-raspi