On 2018-11-04 22:15:04 [+0100], Kurt Roeckx wrote: > > You're implying openvpn doesn't pick up the openssl.cnf changes so I > > have to set tls-version-min 1.0 in the server side configuration? OK, > > that works too. > > Your client doesn't support the settings in the openssl.cfg file. Your > openvpn client by defaults does TLS 1.0 only. The only way for your client > to do something other than TLS 1.0 is set the tls-version-min variable > to something. If you set it to 1.0, it will do any version > supported by the openssl library higher than 1.0.
James, is everything okay/clear? The tls-version-min option for the older OpenVPN version should have fixed things. Is there anything else or can this be considered done? > Kurt Sebastian