[Pkg-openssl-devel] Bug#912864: Bug#912864: openssl: new version of openssl breaks some openvpn clients
James Bottomley
James.Bottomley at HansenPartnership.com
Sun Nov 4 20:49:48 GMT 2018
On Sun, 2018-11-04 at 21:30 +0100, Kurt Roeckx wrote:
> On Sun, Nov 04, 2018 at 12:13:43PM -0800, James Bottomley wrote:
> >
> > No, I'm saying with no client tls-version-min specified at all (the
> > usual default openvpn config) it fails in 1.1.1 and works with
> > 1.1.0
> >
> > With client tls-version-min set to 1.0 it works with both.
>
> Yes, and that's totally what I expected, and have been explaining.
> The 2.3.X version only want to do TLS 1.0 unless you specify
> "tls-version-min 1.0", in which case they also do TLS 1.2.
You're implying openvpn doesn't pick up the openssl.cnf changes so I
have to set tls-version-min 1.0 in the server side configuration? OK,
that works too.
> So I'm failing to see what this bug report is about.
When you upgrade from openssl 1.1.0 to 1.1.1 causes an openvpn
connection failure which the upgrade instructions don't fix. It also
seems to me there are probably quite a few other openssl.cnf blind
applications in the system which will fail in a similar fashion.
James
More information about the Pkg-openssl-devel
mailing list