Netgate’s statement here Netgate Will Migrate to OpenSSL 3 in pfSense Plus Software Version 23.09 mentions “OpenSSL 3 no longer supports certificates signed with SHA1 or other older/weaker hashes.” Just to be clear, that should not affect any OpenVPN tunnels using SHA1 for their Auth digest algorithm, correct? Where should I check to make sure my certs aren’t signed with SHA1? When I get info on the user certs I created with my OpenVPN CA they say “Signature Digest: RSA-SHA256”, is that all I should worry about?
I would post in their forums for a more definitive answer but they only mention certificates but not the auth digest algorithm.
Just an update for anyone reading this in the future- the OpenVPN tunnel using SHA1 Auth digest algorithm is still supported (at least it is in 23.09.1).