[Pkg-openssl-devel] Bug#871987: openvpn
Gedalya
gedalya at gedalya.net
Fri Aug 25 15:07:16 UTC 2017
I tried openssl 1.1.0f-5 and it is indeed better with e.g. s_client.
However, I've locally built openvpn (and pkcs11-helper) with openssl 1.1.0.
I'm not sure whether this is a bug with openvpn or an issue with this latest
patch to openssl, but I've tried both these settings:
tls-version-min 1.0
tls-version-max 1.0
in an openvpn client config, connecting to an old server supporting only
TLS 1.0, and it doesn't work. It did of course work with with openssl 1.1.0f-3.
with 1.1.0f-5, I get:
OpenSSL: error:141640BF:SSL routines:tls_construct_client_hello:no protocols available
TLS_ERROR: BIO read tls_read_plaintext error
TLS Error: TLS object -> incoming plaintext read error
TLS Error: TLS handshake failed
More information about the Pkg-openssl-devel
mailing list