Hi,
I confirm this issue. The issue is relate to what TLS version the server
supports.
Resolution:
1. downgrade to openssl_1.1.0h-4
2. edit /etc/ssl/openssl.cnf and either comment out MinProtocol option,
or try different versions from top down until openvpn connection starts
to work.
I have o
Hey,
for OpenVPN 2.3.4 on Jessie, the problem is solved for me by enforcing TLS 1.2
with
tls-version-min 1.2
in the server config.
Best
Christian
Hi,
On Sun, 26 Aug 2018 16:08:59 +0200 Antonin Kral wrote:
> * Antonin Kral [2018-08-25 15:56] wrote:
> > According to https://community.openvpn.net/openvpn/wiki/Hardening ,
> > OpenVPN 2.3.3 and newer should support TLS version negotiation.
> > After some poking around, I have figured that ser
Hi,
thank a lot Kurt.
> Anyway, that seems to mean that openvpn only supports TLS 1.0 for
> some reason. I have no idea how openvpn works, but if it uses
> TLS 1.0, it really should switch to 1.2 or 1.3.
According to https://community.openvpn.net/openvpn/wiki/Hardening , OpenVPN
2.3.3 and newer
reassign 907049 openvpn
severity 907049 serious
retitle 907049 openvpn: ssl_choose_client_version:version too low
block 907015 by 907049
thanks
On Sat, Aug 25, 2018 at 02:49:12PM +0200, Samuel Hym wrote:
> > Can you try with:
> > MinProtocol = TLSv1
> >
> > And with:
> > #MinProtocol = TLSv1.2
>
Hi Kurt,
Le 23 août 2018 à 22h20, Kurt Roeckx disait :
> On Thu, Aug 23, 2018 at 02:54:36PM +0200, Antonin Kral wrote:
> > Thu Aug 23 14:46:07 2018 OpenSSL: error:1425F18C:SSL
> > routines:ssl_choose_client_version:version too low
> > Thu Aug 23 14:46:07 2018 TLS_ERROR: BIO read tls_read_plainte
clone 907049 -1
reassign -1 offlineimap
severity -1 serious
retitle -1 offlineimap: Not using SNI
thanks
On Thu, Aug 23, 2018 at 02:54:36PM +0200, Antonin Kral wrote:
> Package: openssl
> Version: 1.1.1~~pre9-1
> Severity: critical
> Justification: renders other packages unusable
>
> Hi,
>
> I h
7 matches
Mail list logo