Am 21.04.20 um 12:18 schrieb Arne Schwabe: Hi,
>>> I am attaching my /etc/ssl/openssl.cnf (if for some reason it fails, I will >>> paste the contents instead). As far as I know, this is the default >>> /etc/ssl/ openssl.cnf file that comes with Debian, except the "MinProtocol" >>> parameter, which I had to change for one specific VPN to work (it was using >>> TLSv1.0 instead of TLSv1.2). >> >> It seems that the culprit is the (non-default) setting MinProtocol = >> TLSv1.0, >> which I had to modify to be able to use a specific VPN server. Changing the >> value to "MinProtocol = TLSv1.2" does not produce the error anymore. > > Sidenote. That MinProtocol = TLSv1.0 is wrong. It needs to be > MinProtocol = TLSv1 for obvious reasons :P > > Anyway here is a patch that fixes the problem of not loading > certificates: https://patchwork.openvpn.net/patch/1095/ Cool, thanks. Jonas, can you test that "MinProtocol = TLSv1" works? Do you need a test-build for 2.4.9 with that patch applied? Bernhard