I am using OpenSSH and OpenVPN on Raspbian. I've been trying to set up a VPN server, and after following
this tutorial I was able to make a fully functional VPN server and OVPN client file. However upon further investigation, my certs and the tunnel were defaulting to SHA-1. So I googled, found out how to change the defaults in OpenSSL and OpenVPN, and re-generated all of my keys. Upon reboot I was greeted with the log message: "Message Hash Algorithm 'SHA-256' not found (OpenSSL)".
Because the version in the Raspbian git was old, I updated to the one in the "jessie" repository, which got me to OpenSSL v1.0.1k and OpenVPN 2.2.1 - as I assumed the old build didn't have SHA2 built in. But alas, same error. OpenVPN lists sha-256 and variants, but openssl only lists md4, md5, rmd160, sha, sha1 as message digest options.
More googling suggested that it could be how OpenSSL was built, so I downloaded the source and was about to build 1.0.2c from scratch. However I stopped when I looked at the readme and the only message digests it listed were md5, md2, sha, sha1, mdc2.
Am I misunderstanding this? I thought SHA-1 was insecure and we were supposed to be migrating away from it. I'm not trying to set up the most secure VPN in the world, but since this box is facing the world while living on my private network, I wanted to make sure it stood a decent chance of being secure. Is SHA-1 the most secure message digest currently available? Does the digest not matter as much as the cipher? Is the digest different from the 'hash algorithm'?
Any help or insight into something I'm not understanding would be very much appreciated. Thanks.