[Pkg-openssl-devel] Bug#912864: openssl: new version of openssl breaks some openvpn clients
Sebastian Andrzej Siewior
sebastian at breakpoint.cc
Mon Nov 26 22:41:13 GMT 2018
On 2018-11-04 22:15:04 [+0100], Kurt Roeckx wrote:
> > You're implying openvpn doesn't pick up the openssl.cnf changes so I
> > have to set tls-version-min 1.0 in the server side configuration? OK,
> > that works too.
>
> Your client doesn't support the settings in the openssl.cfg file. Your
> openvpn client by defaults does TLS 1.0 only. The only way for your client
> to do something other than TLS 1.0 is set the tls-version-min variable
> to something. If you set it to 1.0, it will do any version
> supported by the openssl library higher than 1.0.
James, is everything okay/clear?
The tls-version-min option for the older OpenVPN version should have
fixed things.
Is there anything else or can this be considered done?
> Kurt
Sebastian
More information about the Pkg-openssl-devel
mailing list