[Pkg-openssl-devel] Bug#907049: Bug#907049: openssl: Update to 1.1.1~~pre9-1 makes certain programs unusable

Samuel Hym samuel.hym+bugs at rustyne.lautre.net
Sat Aug 25 13:49:12 BST 2018


Hi Kurt,

Le 23 août 2018 à 22h20, Kurt Roeckx disait :

> On Thu, Aug 23, 2018 at 02:54:36PM +0200, Antonin Kral wrote:
> > Thu Aug 23 14:46:07 2018 OpenSSL: error:1425F18C:SSL routines:ssl_choose_client_version:version too low
> > Thu Aug 23 14:46:07 2018 TLS_ERROR: BIO read tls_read_plaintext error
> > Thu Aug 23 14:46:07 2018 TLS Error: TLS object -> incoming plaintext read error
> > Thu Aug 23 14:46:07 2018 TLS Error: TLS handshake failed

I have the same issue.

> This is most likely caused by this in /etc/ssl/openssl.cnf:
> [system_default_sect]
> MinProtocol = TLSv1.2
> CipherString = DEFAULT at SECLEVEL=2
> 
> Does openvpn use DTLS?

I don’t know about that but…

> Can you try with:
> MinProtocol = TLSv1
> 
> And with:
> #MinProtocol = TLSv1.2

Both options work in my case.
So I leave the first enabled, I guess it is a bit more secure than
commenting it out.

Thank you very much!
Samuel



More information about the Pkg-openssl-devel mailing list