[Pkg-openssl-devel] Bug#912864: openssl: new version of openssl breaks some openvpn clients
Jean-Marc
jean-marc at 6jf.be
Thu Feb 7 21:55:25 GMT 2019
On Mon, 26 Nov 2018 23:41:13 +0100 Sebastian Andrzej Siewior <sebastian at breakpoint.cc> wrote:
> On 2018-11-04 22:15:04 [+0100], Kurt Roeckx wrote:
> > > You're implying openvpn doesn't pick up the openssl.cnf changes so I
> > > have to set tls-version-min 1.0 in the server side configuration? OK,
> > > that works too.
> >
> > Your client doesn't support the settings in the openssl.cfg file. Your
> > openvpn client by defaults does TLS 1.0 only. The only way for your client
> > to do something other than TLS 1.0 is set the tls-version-min variable
> > to something. If you set it to 1.0, it will do any version
> > supported by the openssl library higher than 1.0.
>
> James, is everything okay/clear?
> The tls-version-min option for the older OpenVPN version should have
> fixed things.
> Is there anything else or can this be considered done?
>
> > Kurt
>
> Sebastian
Hi James,
May I ask you if you got all the answers you needed and if it fixed the problem.
Thank you so much.
Regards,
Jean-Marc <jean-marc at 6jf.be>
https://6jf.be/keys/ED863AD1.txt
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-openssl-devel/attachments/20190207/38f47648/attachment.sig>
More information about the Pkg-openssl-devel
mailing list