SparkLabs Blog.

The latest news and releases.


Viscosity For Mac & Windows: Version 1.8.4

Viscosity version 1.8.4 is now available for both macOS and Windows! This update includes two-factor token authentication improvements, an updated version of OpenSSL for OpenVPN 2.3, a low-severity security fix, and a number of small bug fixes and improvements for both platforms.

On the authentication side, a number of PKCS#11 issues have been addressed on both platforms, which should allow additional tokens and certificate/keys to be used for authentication. This should also resolve certain keys not working in the previous two releases of Viscosity.

Viscosity now also supports importing connections that include an inline username and password. These will automatically be loaded into the Keychain or Windows Credential Manager at import time for safe storage.

On the Mac Viscosity will now automatically detect when the "Disable Time Machine backups while connected" feature is blocked. macOS 10.15 requires that applications be granted the "Full Disk Access" privilege to enable or disable automatic backups. If granted, Viscosity will only use this privilege to enable/disable Time Machine backups, and only if the feature is enabled.

This update also contains two security related updates. Firstly, OpenVPN 2.3 is now updated to use OpenSSL 1.0.2u (OpenVPN 2.4 will continue to use OpenSSL 1.1.1d). With OpenSSL 1.0.2 now end of life, Viscosity will likely be dropping OpenVPN 2.3 later in the year (please keep in mind that OpenVPN 2.4 is backwards compatible with servers running older versions of OpenVPN).

Secondly, this update also addresses a low-severity security vulnerability (CVE-2020-5180). An attacker with local access could potentially run arbitrary code within Viscosity's OpenVPN sandbox by using a maliciously crafted OpenSSL engine and associated command. Such an attack is successfully contained within Viscosity's sandbox, which has de-elevated permissions and access restrictions, and so an attacker does not gain elevated local permissions (such as root or SYSTEM) on the machine and their actions are severely limited.

However, under macOS an attacker may be able to access on-disk VPN credentials (such as a certificate and private key) from other active OpenVPN connections that run within the sandbox at the same time. This does not apply to the Windows version. Because of this, we encourage those in multi-user macOS environments to update as soon as possible. Special thanks to Rich Mirch for identifying and reporting this issue.


Version 1.8.4 Mac Release Notes:

added
Import support for inline usernames and passwords
updated
OpenSSL updated to version 1.0.2u for OpenVPN 2.3
fixed
Resolves PKCS#11 issue using some RSA certificates
fixed
Resolves issue moving the menu icon on older versions of macOS
fixed
Detects if Time Machine backups could not be disabled due to macOS privileges
fixed
Resolves low-severity security vulnerability (CVE-2020-5180)
fixed
Various bug fixes and enhancements


Version 1.8.4 Windows Release Notes:

added
Import support for inline usernames and passwords
added
ECDSA support for CNG (--cryptoapicert)
added
TLS 1.3 RSA-PSS support for PKCS#11 and CNG (--cryptoapicert)
improved
Disabled DNS Mode functionality has been improved
updated
OpenSSL updated to version 1.0.2u for OpenVPN 2.3
fixed
Resolves an issue where connections failed on Windows Server Domain Controllers
fixed
Resolves issue with PKCS#11 connections using ECDSA keys
fixed
Resolves low-severity security vulnerability (CVE-2020-5180)
fixed
Resolves regression that could cause some connections to fail on 32-bit installations (Build 1651)
fixed
Various bug fixes and enhancements

The 1.8.4 update can be automatically installed from inside Viscosity, or downloaded and manually installed. For support with this version please visit our support section.

Viscosity For Mac & Windows: Version 1.8.3

Viscosity version 1.8.3 is now available for both macOS and Windows! This update is primarily a small maintenance release with bug fixes and minor enhancements.

Most notably, Viscosity will now prompt to allow connections to OpenVPN setups with certificates where a weak CA digest is detected. This should make it easier to connect to legacy servers without the need to manually adjust any advanced commands.

The Mac update also addresses a regression that could cause EC keys on PKCS#11 devices to be unusable, as well as some small fixes when running on older versions of macOS.


Version 1.8.3 Mac Release Notes:

improved
Viscosity will now prompt to allow a weak CA digest if detected
fixed
Resolves issue using EC keys on PKCS#11 devices
fixed
Resolves a potential hang on older versions of macOS when importing connections
fixed
Resolves a tap-to-click issue with the main menu on older versions of macOS
fixed
Resolves a potential crash when importing a connection (build 1521)
fixed
Various bug fixes and enhancements


Version 1.8.3 Windows Release Notes:

improved
Viscosity will now prompt to allow a weak CA digest if detected
improved
Minor user interface improvements
fixed
Various bug fixes and enhancements

The 1.8.3 update can be automatically installed from inside Viscosity, or downloaded and manually installed. For support with this version please visit our support section.

Viscosity For Mac & Windows: Version 1.8.2

Version 1.8.2 of Viscosity has been released for both macOS and Windows! This update includes both updated versions of OpenVPN (2.4.8) and OpenSSL (1.1.1d), as well as many improvements and bug fixes for both platforms.

In particular, with the update to the OpenSSL 1.1.1 branch we've been able to enable support for TLS version 1.3 and the latest ciphers in Viscosity. When connecting to up to date OpenVPN servers this will allow for more secure and performant VPN connections.

The Windows version of Viscosity has also been overhauled to allow it to run on devices using ARM processors (WoA64 support). Along with supporting ARM, we've been able to include a small additional performance boost to VPN connections.

On the Mac side, this version should feel snappier when running on macOS Catalina, as we've been able to adopt some of the new macOS frameworks. The Mac version also includes some small additional improvements, including faster handling when there are multiple VPN connections connected simultaneously, and additional AppleScript controllability.


Version 1.8.2 Mac Release Notes:

added
Support for TLS 1.3 and additional ciphers
improved
Performance of simultaneous active connections improved
improved
Application performance increased under macOS 10.15
updated
OpenVPN 2.4 updated to version 2.4.8
updated
OpenSSL updated to version 1.1.1d
fixed
Resolves potential hang when disconnecting multiple connections
fixed
Various bug fixes and enhancements


Version 1.8.2 Windows Release Notes:

added
Support for TLS 1.3 and additional ciphers
added
Windows 10 on ARM64 (WoA64) is now supported
improved
Small performance improvements in OpenVPN
updated
OpenSSL updated to version 1.1.1d on OpenVPN 2.4
updated
OpenVPN updated to version 2.4.8
updated
Visual C++ 2015-2019 runtime is now required and will be installed if not present
fixed
Resolves an issue where some connections would fail to connect on subsequent connection attempts
fixed
Resolves an issue where connections would sometimes hang during a reconnect
fixed
Resolves an issue where some .visz configurations failed to import
fixed
Various bug fixes and enhancements

The 1.8.2 update can be automatically installed from inside Viscosity, or downloaded and manually installed. For support with this version please visit our support section.

Viscosity For Mac & Windows: Version 1.8.1

Viscosity version 1.8.1 is now available for both macOS and Windows! This update is primarily a maintenance release and it includes a number of small tweaks and improvements for both platforms.

Viscosity now integrates the new U2F APIs introduced in Windows 10 1903. This provides a more native and consistent experience for users also using U2F for Windows authentication, as well as resolving U2F access issues under Windows 10 1903.

We've also worked behind the scenes to make deploying Viscosity in managed macOS environments much easier. Deployments in multi-user environments has been simplified, and the managed installer templates are now able to handle the Start on Login option without the need for custom scripts. Documentation is also now available on how to deploy Viscosity using tools like Munki and Jamf.

Finally, we've also identified some OpenVPN server setups that will unnecessarily push a route-delay command, significantly delaying connection time. Viscosity will now ignore this command when it isn't needed.


Version 1.8.1 Mac Release Notes:

added
Improved support for deploying Viscosity in managed environments
improved
Ignores unnecessary pushed route-delay commands
fixed
Workaround to allow loading the PKCS#11 driver for SafeNet tokens
fixed
Various bug fixes and enhancements


Version 1.8.1 Windows Release Notes:

added
Adopts native Windows U2F integration on Windows 10 1903+
improved
Ignores unnecessary pushed route-delay commands
fixed
Resolves issue where IPv6 DNS Servers may not be used
fixed
Various bug fixes and enhancements

The 1.8.1 update can be automatically installed from inside Viscosity, or downloaded and manually installed. For support with this version please visit our support section.

Viscosity For Mac & Windows: Version 1.8

Viscosity 1.8 is now available for both macOS and Windows! This is a big update, with significant performance improvements for VPN connections. Both macOS and Windows users should immediately notice their OpenVPN connections connecting faster, with slightly lowered CPU usage. Windows users should also notice significantly improved maximum throughput on high-speed network connections.

A traffic graph has also been added to the main menu, providing a quick overview of how your VPN connection is being utilised without needing to open the Details menu. The style of this graph can also be customised from the Appearance section, or turned off for those who prefer to keep things simple.

By popular demand we've also overhauled Viscosity's menu icon system. Not only has this allowed us to include some snappy new icon designs to choose from, all icons now feel much more at home on both macOS and Windows. In particular, on macOS icons with coloured components will now look great in both light and dark mode, behave correctly when selected, and on secondary monitors as well.

On Windows Viscosity now also supports Network Location Awareness for routed/TUN connections. This will resolve an issue that caused some applications, including Microsoft Office and many UWP based apps, from failing to detect that a network connection is available when a VPN connection is connected.

Finally, version 1.8 also brings offical support for macOS 10.15 (Catalina), which is expected to be released next month.


Version 1.8 Mac Release Notes:

added
Main menu traffic graph for active VPN connections
added
Appearance customisation options for the menu traffic graph
added
New menu icons are available in the Appearance section
improved
Improved support for macOS 10.15 (Catalina)
improved
VPN connections will now establish faster
improved
Reduces CPU usage when using higher log verbosity levels
improved
Complete Dark Mode support for menu items with color
updated
OpenSSL updated to version 1.0.2t
fixed
Resolves a potential crash when rapidly connecting and disconnecting connections
fixed
Resolves a potential crash if ifconfig cannot be run
fixed
Resolves a potential hang when using Reset network interfaces on disconnect
fixed
Resolves flickering of the menu icon animation when changing states
fixed
Various bug fixes and enhancements


Version 1.8 Windows Release Notes:

added
Main menu traffic graph for active VPN connections
added
Appearance customisation options for the menu traffic graph
added
New menu icons are available in the Appearance section
improved
VPN connections will now establish faster
improved
Faster maximum throughput of VPN connections
improved
Network Interfaces can now be created without disconnecting other connections
improved
Windows Network Location Awareness will now take place for TUN connections
updated
Updates OpenSSL to version 1.0.2t
fixed
Various bug fixes and enhancements

The 1.8 update can be automatically installed from inside Viscosity, or downloaded and manually installed. For support with this version please visit our support section.

Viscosity For Mac & Windows: Version 1.7.16

Viscosity version 1.7.16 is now available for both macOS and Windows! This update is primarily a small maintenance release with a focus on bug fixes and minor enhancements.

The Mac update addresses a regression that could result in reachability checks to fail when using a fixed IP version for remote OpenVPN (or proxy) servers, while the Windows update includes a fix for VPN connections using non-standard MTU values. Also included for both platforms are a number of minor requested enhancements to the user interface and connection performance.


Version 1.7.16 Mac Release Notes:

updated
OpenSSL updated to version 1.0.2s
fixed
Reachability checks will no longer fail when using a fixed IP version
fixed
Various bug fixes and enhancements


Version 1.7.16 Windows Release Notes:

updated
Updates OpenSSL to version 1.0.2s
fixed
Resolves issue where a non-default MTU may not be applied to the adapter
fixed
Various bug fixes and enhancements

The 1.7.16 update can be automatically installed from inside Viscosity, or downloaded and manually installed. For support with this version please visit our support section.

Viscosity For Mac & Windows: Version 1.7.15

Viscosity version 1.7.15 is now available for both Mac and Windows! This version includes U2F and PKCS#11 improvements, updated versions of both OpenVPN and OpenSSL, and a number of fixes and improvements for both platforms.

We've placed a focus on two-factor authentication for this release, with general improvements to Viscosity's U2F authentication support, including the ability to use U2F tokens from additional manufacturers. PKCS#11 support has also been improved in the Windows version, with smoother handling of problems that may arise when using a token or smartcard.

On the maintenance front, OpenVPN has been updated to version 2.4.7, which includes a number of small bug fixes. OpenSSL has also been updated to version 1.0.2r. The Windows release also includes an updated VPN network adapter driver with slightly improved performance, while the macOS release fixes an issue that could result in some VPN connections failing to try additional remote servers if the first one fails to connect.


Version 1.7.15 Mac Release Notes:

added
Additional U2F devices are now supported
updated
OpenVPN 2.4 updated to version 2.4.7
updated
OpenSSL updated to version 1.0.2r
updated
Adds notarization for increased security
fixed
Resolves failure to fallback to secondary remote servers with some connections
fixed
Resolves a potential crash on macOS 10.14.4+ when updating the helper
fixed
Resolves a potential crash when importing a large number of connections
fixed
Fixes regression that could result in PKCS#11 drivers failing to load (build 1488)
fixed
Various bug fixes and enhancements
removed
OS X 10.10 is no longer supported


Version 1.7.15 Windows Release Notes:

added
Additional U2F devices are now supported
improved
Improved handling of PKCS#11 errors
updated
Updates OpenVPN to version 2.4.7
updated
Updates OpenSSL to version 1.0.2r
updated
VPN Network Adapter driver updated
fixed
Various bug fixes and enhancements

The 1.7.15 update can be automatically installed from inside Viscosity, or downloaded and manually installed. For support with this version please visit our support section.

Viscosity For Mac & Windows: Version 1.7.14

Viscosity version 1.7.14 is now available for both Mac and Windows! This is a maintenance update that resolves a number of small regressions that unfortunately snuck into the 1.7.13 release, as well as a number of additional minor bug fixes.

In particular, this update fixes an issue that could cause certain OpenVPN files to be blocked from loading under the new Windows sandbox. If you received an error message similar to "Cannot load certificate file" in your connection log with version 1.7.13, this was unfortunately the cause, and it should now be resolved. For further information please refer to the release notes below.


Version 1.7.14 Mac Release Notes:

fixed
Resolves regression connecting certain static-key connections
fixed
Various bug fixes and enhancements


Version 1.7.14 Windows Release Notes:

fixed
Resolves sandbox regression that could prevent connection files from being loaded
fixed
Resolves sandbox regression that prevented cryptoapicert command from functioning
fixed
Various bug fixes and enhancements

The 1.7.14 update can be automatically installed from inside Viscosity, or downloaded and manually installed. For support with this version please visit our support section.

Viscosity For Mac & Windows: Version 1.7.13

Viscosity version 1.7.13 is now available for both Mac and Windows! This version includes security and performance enhancements for the Windows release, an updated version of OpenSSL, and a number of small tweaks and improvements for both platforms.

Previously version 1.7.8 of Viscosity for Mac introduced sandboxing and privilege deescalation of the OpenVPN process for added security. These security features help to protect against possible future threats that could arise against OpenVPN itself, both local and remote. We're pleased to announce that the 1.7.13 update has added these features to the Windows version as well. This all happens behind the scenes, and shouldn't have any noticeable effect on your VPN connections.

The Windows version also includes reworked PKCS#11 support for improved library loading and token support, and a 64-bit build of OpenVPN. The Mac version also includes a number of improvements to its main menu for improved functionality, as well as a number of small tweaks to keep OpenVPN connections running smoothly.


Version 1.7.13 Mac Release Notes:

improved
Improves compatibility with menu bar managers
improved
Improves main menu automatic resizing and positioning
updated
OpenSSL updated to version 1.0.2q
fixed
Avoids rapid reconnect attempts when a local TLS error occurs
fixed
Avoids potentially delaying a manual computer sleep when there are active connections
fixed
Workaround for potential DNS resolution errors when OpenVPN performs a reconnect
fixed
Various bug fixes and enhancements


Version 1.7.13 Windows Release Notes:

improved
Sandboxing of the OpenVPN process for added security
improved
Significant improvements to PKCS#11 device and driver handling
improved
OpenVPN is now a native 64-bit binary on x64 systems
updated
OpenSSL updated to version 1.0.2q
updated
VPN Network Adapter driver updated
updated
.NET 4.6.2 or later is now required
fixed
Various bug fixes and enhancements

The 1.7.13 update can be automatically installed from inside Viscosity, or downloaded and manually installed. For support with this version please visit our support section.

Viscosity For Mac & Windows: Version 1.7.12

Version 1.7.12 of Viscosity has been released for both macOS and Windows! Along with a number of improvements and bug fixes, this release adds improved support for macOS 10.14 (Mojave), including Dark Mode support.

Also on the macOS side of things, this release includes a new menu system built from the ground up with significant performance improvements. Users with a large number of connections should notice vastly improved performance, while accessibility access using the keyboard has also been enhanced.

OpenSSL has also been updated to version 1.0.2p, while support for OS X 10.9 (Mavericks) has been removed.


Version 1.7.12 Mac Release Notes:

added
Support for Dark Mode in macOS 10.14 (Mojave)
improved
Improved support for macOS 10.14 (Mojave)
improved
Main menu performance significantly improved
improved
Keyboard accessibility of the main menu improved
updated
OpenSSL updated to version 1.0.2p
fixed
Resolves issue setting the working directory for scripts
fixed
Resolves issue scrolling the main menu with many connections
fixed
Prevents reconnects when cancelling certain PKCS#11 requests
fixed
Various bug fixes and enhancements
removed
OS X 10.9 is no longer supported


Version 1.7.12 Windows Release Notes:

added
Connection scripts now have a 60 second timeout
updated
OpenSSL updated to 1.0.2p
fixed
Prevents reconnects when cancelling certain PKCS#11 requests
fixed
Fixes issue where some SRV DNS records were not resolved
fixed
Various bug fixes and enhancements

The 1.7.12 update can be automatically installed from inside Viscosity, or downloaded and manually installed. For support with this version please visit our support section.