[Pkg-openssl-devel] Bug#912864: Bug#912864: openssl: new version of openssl breaks some openvpn clients

James Bottomley James.Bottomley at HansenPartnership.com
Sun Nov 4 19:39:59 GMT 2018


On Sun, 2018-11-04 at 20:32 +0100, Kurt Roeckx wrote:
> On Sun, Nov 04, 2018 at 11:19:41AM -0800, James Bottomley wrote:
> > On Sun, 2018-11-04 at 20:15 +0100, Kurt Roeckx wrote:
> > > This is not at all how the version negotiation in TLS 1.2 and
> > > below works. The client just indicates the highest version it
> > > supports, so for instance TLS 1.2. It's then up to the server to
> > > pick a version that the client supports, so one that is smaller
> > > than TLS 1.2, and it might pick TLS 1.0 or 1.2. It will then send
> > > a server hello with that version.
> > 
> > OK, so I'm weary of trying to construct a theory of what the bug
> > actually is, why don't you try to come up with one.  The symptoms
> > are that openvpn in openwrt works with server 1.1.0 and fails with
> > server 1.1.1 if you don't specify tls-version-min 1.0 on the
> > command line.
> 
> On which side do you use tls-version-min?

client

>  Can you please give the version of both openvpn and openssl on both
> sides.

Client is openwrt, server is debian testing.  The package of the server
was already provided in the bug report, but again it's

openssl 1.1.1-2
openvpn 2.4.6-1

Packages on the openwrt client are

libopenssl 1.0.2g-1
openvpn-openssl  2.3.6-5

James


