On Sat, Aug 26, 2017 at 02:50:37PM +0800, Gedalya wrote: > On 08/26/2017 02:58 AM, Kurt Roeckx wrote: > > > openvpn doesn't seem to make use of the > > SSL_CTX_set_min_proto_version() function yet. I've attached a > > patch that I didn't even try to compile that I think should do the > > right thing. > > > Thanks for this! > It now connects fine with the setting 'tls-version-min 1.0' > Everything seems to work fine, including the 5 other tunnels on this box.
I'm a little confused why you ran into this, it seems that openvpn is Debian is still linked to the libssl1.0.2, not libssl1.1. Did you build it yourself? > Perhaps this would be of interest to OpenVPN upstream? I'll file a bug about it. Kurt