Hi,

On Sun, 26 Aug 2018 16:08:59 +0200
Antonin Kral <a.k...@bobek.cz> wrote:

> * Antonin Kral <a.k...@bobek.cz> [2018-08-25 15:56] wrote:
> > According to https://community.openvpn.net/openvpn/wiki/Hardening ,
> > OpenVPN 2.3.3 and newer should support TLS version negotiation.
> > After some poking around, I have figured that server is running
> > 2.3.4. So one would expect, that TLSv1.2 will work, but it doesn't.
> > TLSv1 is confirmed in log
> >
> >   Sat Aug 25 15:33:33 2018 Control Channel: TLSv1, cipher SSLv3
> >   DHE-RSA-AES256-SHA, 2048 bit RSA
> >
> > I will try to get server upgraded to confirm, that newer version
> > will basically work out of the box.
>
> I do confirm, that updating server side to a newer version
> (2.4.0-6+deb9u1 in this case) fully solved the issue and clients are
> now able to negotiate at least TLSv2.

since I can't upgrade the server (running jessie) I downgraded the
client to openssl_1.1.0h-4 which also solved the problem.

Regards
Günter

-- 
-------------------------------------------------------
Günter Frenz
Börschgasse 16a, D-51143 Köln
(h) gu...@guefz.de, gu...@freenet.de
(w) f...@gso-koeln.de
-------------------------------------------------------
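Added example, not part of the original messages: a small Python check that reads OpenVPN log lines of the "Control Channel" form quoted in the thread and flags sessions that negotiated a protocol below TLSv1.2. The TLSv1.2 floor, the function names and every sample line except the first are assumptions constructed for illustration.

```python
import re

# Summary line OpenVPN writes once the control-channel TLS handshake completes.
CONTROL_RE = re.compile(
    r"Control Channel: (?P<proto>TLSv\d+(?:\.\d+)?), "
    r"cipher (?P<cipher>.+?), (?P<bits>\d+) bit (?P<keytype>\w+)"
)

MIN_TLS = (1, 2)  # assumed policy floor, not stated in the thread

# First line is the one quoted in the thread; the others are constructed samples.
SAMPLE_LOG = [
    "Sat Aug 25 15:33:33 2018 Control Channel: TLSv1, cipher SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA",
    "Sat Aug 25 15:33:34 2018 [server] Peer Connection Initiated with [AF_INET]192.0.2.10:1194",
    "Sun Aug 26 16:01:12 2018 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA",
    "Sun Aug 26 16:05:40 2018 Control Channel: TLSv1.1, cipher SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA",
]


def tls_tuple(proto):
    """Turn 'TLSv1' or 'TLSv1.2' into a comparable (major, minor) tuple."""
    parts = proto[len("TLSv"):].split(".")
    return (int(parts[0]), int(parts[1]) if len(parts) > 1 else 0)


def audit(lines, minimum=MIN_TLS):
    """Return one finding per control-channel line, marking weak negotiations."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        m = CONTROL_RE.search(line)
        if m is None:
            continue  # unrelated log line
        findings.append({
            "line": lineno,
            "proto": m["proto"],
            # The cipher field is "<protocol family> <cipher name>"; keep the name.
            "cipher": m["cipher"].split()[-1],
            "key_bits": int(m["bits"]),
            "below_minimum": tls_tuple(m["proto"]) < minimum,
        })
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_LOG):
        status = "WEAK" if f["below_minimum"] else "ok"
        print(f"line {f['line']}: {f['proto']} {f['cipher']} {f['key_bits']} bit -> {status}")
```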