[Pkg-openssl-devel] Bug#912864: Bug#912864: openssl: new version of openssl breaks some openvpn clients
James Bottomley
James.Bottomley at HansenPartnership.com
Sun Nov 4 20:13:43 GMT 2018
On Sun, 2018-11-04 at 21:10 +0100, Kurt Roeckx wrote:
> On Sun, Nov 04, 2018 at 11:39:59AM -0800, James Bottomley wrote:
> > >
> > > On which side do you use tls-version-min?
> >
> > client
> >
> > > Can you please give the version of both openvpn and openssl on
> > > both
> > > sides.
> >
> > Client is openwrt, server is debian testing. The package of the
> > server
> > was already provided in the bug report, but again it's
> >
> > openssl 1.1.1-2
> > openvpn 2.4.6-1
> >
> > Packages on the openwrt client are
> >
> > libopenssl 1.0.2g-1
> > openvpn-openssl 2.3.6-5
>
> So you're saying that even with tls-version-min 1.0 on your
> client side and with openssl.cnf changed on the server it's still
> not working?
No, I'm saying with no client tls-version-min specified at all (the
usual default openvpn config) it fails in 1.1.1 and works with 1.1.0
With client tls-version-min set to 1.0 it works with both.
James
More information about the Pkg-openssl-devel
mailing list