Publication date: 2020-02-29
An OpenVPN installation stopped working after the operating system was upgraded to the current stable Debian release. OpenVPN complains that the Diffie-Hellman key used in a configured connection is too short.
The clean and secure solution is to create and use a DH key with a greater key length.
Creation of a new key:
openssl dhparam -out /etc/openvpn/dh2048.pem 2048
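To see which configurations are affected before regenerating anything, the following added example (not part of the original post) reads the "dh" directive from each OpenVPN config and reports the size of the referenced parameters. The 2048-bit threshold is the DH minimum OpenSSL documents for security level 2; the function names and script name are hypothetical.

```sh
#!/bin/sh
# Added example: report the size of the DH parameters an OpenVPN config uses.
MIN_BITS=2048   # OpenSSL security level 2 rejects DH below 2048 bits

# Print the file named by the "dh" directive of an OpenVPN config on stdin.
# Commented lines ("#dh ...", ";dh ...") and "dh none" print nothing.
dh_path_from_config() {
    awk '$1 == "dh" && $2 != "none" { gsub(/"/, "", $2); print $2; exit }'
}

# Extract N from the "DH Parameters: (N bit)" line of
# `openssl dhparam -text` output read on stdin.
dh_bits_from_text() {
    sed -n 's/.*DH Parameters: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1
}

# Succeed only if a bit length was found and it reaches MIN_BITS.
dh_bits_ok() {
    [ -n "$1" ] && [ "$1" -ge "$MIN_BITS" ]
}

# Check one config file; relative dh paths are resolved from the current directory.
check_config() {
    conf=$1
    dh_file=$(dh_path_from_config < "$conf")
    if [ -z "$dh_file" ]; then
        echo "$conf: no dh file configured"
        return 0
    fi
    bits=$(openssl dhparam -in "$dh_file" -noout -text 2>/dev/null | dh_bits_from_text)
    if dh_bits_ok "$bits"; then
        echo "$conf: $dh_file has $bits bits, OK"
    else
        echo "$conf: $dh_file has ${bits:-unknown} bits, needs at least $MIN_BITS"
        return 1
    fi
}

# Usage: sh check-dh.sh /etc/openvpn/*.conf   (script name is hypothetical)
status=0
for conf in "$@"; do
    check_config "$conf" || status=1
done
[ "$status" -eq 0 ] || exit 1
```

The script exits non-zero if any listed config points at parameters below the threshold, so it can also run as a pre-upgrade check.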
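If you can't change the key for whatever reason and the unchanged level of security is considered acceptable, it is also possible to disable the check.
To do this, remove the line "CipherString = DEFAULT@SECLEVEL=2" from "/etc/ssl/openssl.cnf". This file is the system-wide OpenSSL configuration, so the lower security level then applies to every program that reads it, not only OpenVPN.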