On Thu, 2019-02-07 at 22:55 +0100, Jean-Marc wrote: > On Mon, 26 Nov 2018 23:41:13 +0100 Sebastian Andrzej Siewior <sebasti > a...@breakpoint.cc> wrote: > > On 2018-11-04 22:15:04 [+0100], Kurt Roeckx wrote: > > > > You're implying openvpn doesn't pick up the openssl.cnf changes > > > > so I have to set tls-version-min 1.0 in the server side > > > > configuration? OK, that works too. > > > > > > Your client doesn't support the settings in the openssl.cfg file. > > > Your openvpn client by defaults does TLS 1.0 only. The only way > > > for your client to do something other than TLS 1.0 is set the > > > tls-version-min variable to something. If you set it to 1.0, it > > > will do any version supported by the openssl library higher than > > > 1.0. > > > > James, is everything okay/clear? The tls-version-min option for the > > older OpenVPN version should have fixed things. Is there anything > > else or can this be considered done? > > > > > Kurt > > > > Sebastian > > Hi James, > > May I ask you if you got all the answers you needed and if it fixed > the problem.
Yes, I said that in the initial quote: setting tls-version-min in openssl.cnf works, and that's what I've done. It's just unexpected that you have to update your openvpn config files. James
signature.asc
Description: This is a digitally signed message part