Bug#912864: openssl: new version of openssl breaks some openvpn clients

2019-02-07 Thread James Bottomley
On Thu, 2019-02-07 at 22:55 +0100, Jean-Marc wrote: > On Mon, 26 Nov 2018 23:41:13 +0100 Sebastian Andrzej Siewior <a...@breakpoint.cc> wrote: > > On 2018-11-04 22:15:04 [+0100], Kurt Roeckx wrote: > > > > You're implying openvpn doesn't pick up the openssl.cnf changes > > > > so I have to set

Bug#912864: openssl: new version of openssl breaks some openvpn clients

2019-02-07 Thread Jean-Marc
On Mon, 26 Nov 2018 23:41:13 +0100 Sebastian Andrzej Siewior wrote: > On 2018-11-04 22:15:04 [+0100], Kurt Roeckx wrote: > > > You're implying openvpn doesn't pick up the openssl.cnf changes so I > > > have to set tls-version-min 1.0 in the server side configuration? OK, > > > that works too.

Bug#912864: openssl: new version of openssl breaks some openvpn clients

2018-11-26 Thread Sebastian Andrzej Siewior
On 2018-11-04 22:15:04 [+0100], Kurt Roeckx wrote: > > You're implying openvpn doesn't pick up the openssl.cnf changes so I > > have to set tls-version-min 1.0 in the server side configuration? OK, > > that works too. > > Your client doesn't support the settings in the openssl.cfg file. Your >

Bug#912864: [Pkg-openssl-devel] Bug#912864: openssl: new version of openssl breaks some openvpn clients

2018-11-04 Thread Kurt Roeckx
On Sun, Nov 04, 2018 at 12:49:48PM -0800, James Bottomley wrote: > On Sun, 2018-11-04 at 21:30 +0100, Kurt Roeckx wrote: > > On Sun, Nov 04, 2018 at 12:13:43PM -0800, James Bottomley wrote: > > > > > > No, I'm saying with no client tls-version-min specified at all (the > > > usual default openvpn

Bug#912864: [Pkg-openssl-devel] Bug#912864: openssl: new version of openssl breaks some openvpn clients

2018-11-04 Thread James Bottomley
On Sun, 2018-11-04 at 21:30 +0100, Kurt Roeckx wrote: > On Sun, Nov 04, 2018 at 12:13:43PM -0800, James Bottomley wrote: > > > > No, I'm saying with no client tls-version-min specified at all (the > > usual default openvpn config) it fails in 1.1.1 and works with > > 1.1.0 > > > > With client

Bug#912864: [Pkg-openssl-devel] Bug#912864: openssl: new version of openssl breaks some openvpn clients

2018-11-04 Thread Kurt Roeckx
On Sun, Nov 04, 2018 at 12:13:43PM -0800, James Bottomley wrote: > > No, I'm saying with no client tls-version-min specified at all (the > usual default openvpn config) it fails in 1.1.1 and works with 1.1.0 > > With client tls-version-min set to 1.0 it works with both. Yes, and that's totally

Bug#912864: [Pkg-openssl-devel] Bug#912864: openssl: new version of openssl breaks some openvpn clients

2018-11-04 Thread James Bottomley
On Sun, 2018-11-04 at 21:10 +0100, Kurt Roeckx wrote: > On Sun, Nov 04, 2018 at 11:39:59AM -0800, James Bottomley wrote: > > > > > > On which side do you use tls-version-min? > > > > client > > > > > Can you please give the version of both openvpn and openssl on > > > both > > > sides. > > >

Bug#912864: [Pkg-openssl-devel] Bug#912864: Bug#912864: openssl: new version of openssl breaks some openvpn clients

2018-11-04 Thread Sebastian Andrzej Siewior
On 2018-11-04 11:39:59 [-0800], James Bottomley wrote: > > > OK, so I'm weary of trying to construct a theory of what the bug > > > actually is, why don't you try to come up with one. The symptoms > > > are > > > that openvpn in openwrt works with server 1.1.0 and fails with > > > server > > >

Bug#912864: [Pkg-openssl-devel] Bug#912864: openssl: new version of openssl breaks some openvpn clients

2018-11-04 Thread Kurt Roeckx
On Sun, Nov 04, 2018 at 11:39:59AM -0800, James Bottomley wrote: > > > > On which side do you use tls-version-min? > > client > > > Can you please give the version of both openvpn and openssl on both > > sides. > > Client is openwrt, server is debian testing. The package of the server > was

Bug#912864: [Pkg-openssl-devel] Bug#912864: openssl: new version of openssl breaks some openvpn clients

2018-11-04 Thread James Bottomley
On Sun, 2018-11-04 at 20:32 +0100, Kurt Roeckx wrote: > On Sun, Nov 04, 2018 at 11:19:41AM -0800, James Bottomley wrote: > > On Sun, 2018-11-04 at 20:15 +0100, Kurt Roeckx wrote: > > > This is not at all how the version negotiation in TLS 1.2 and > > > below works. The client just indicates the

Bug#912864: [Pkg-openssl-devel] Bug#912864: openssl: new version of openssl breaks some openvpn clients

2018-11-04 Thread Kurt Roeckx
On Sun, Nov 04, 2018 at 11:19:41AM -0800, James Bottomley wrote: > On Sun, 2018-11-04 at 20:15 +0100, Kurt Roeckx wrote: > > This is not at all how the version negotiation in TLS 1.2 and > > below works. The client just indicates the highest version it > > supports, so for instance TLS 1.2. It's

Bug#912864: [Pkg-openssl-devel] Bug#912864: openssl: new version of openssl breaks some openvpn clients

2018-11-04 Thread James Bottomley
On Sun, 2018-11-04 at 20:15 +0100, Kurt Roeckx wrote: > This is not at all how the version negotiation in TLS 1.2 and > below works. The client just indicates the highest version it > supports, so for instance TLS 1.2. It's then up to the server to > pick a version that the client supports, so one

Bug#912864: [Pkg-openssl-devel] Bug#912864: openssl: new version of openssl breaks some openvpn clients

2018-11-04 Thread Kurt Roeckx
On Sun, Nov 04, 2018 at 10:19:00AM -0800, James Bottomley wrote: > On Sun, 2018-11-04 at 18:43 +0100, Kurt Roeckx wrote: > > Older versions of openvpn only support TLS 1.0 because they told > > OpenSSL to only use TLS 1.0. Adding the --tls-version-min 1.0 > > should make it support all TLS

Bug#912864: [Pkg-openssl-devel] Bug#912864: openssl: new version of openssl breaks some openvpn clients

2018-11-04 Thread James Bottomley
On Sun, 2018-11-04 at 18:43 +0100, Kurt Roeckx wrote: > Older versions of openvpn only support TLS 1.0 because they told > OpenSSL to only use TLS 1.0. Adding the --tls-version-min 1.0 > should make it support all TLS versions since openvpn 2.3.4 or > something like that, and I think 2.4 or newer

Bug#912864: [Pkg-openssl-devel] Bug#912864: openssl: new version of openssl breaks some openvpn clients

2018-11-04 Thread Kurt Roeckx
On Sun, Nov 04, 2018 at 08:59:05AM -0800, James Bottomley wrote: > Package: openssl > Version: 1.1.1-2 > Severity: important > > I've applied all the downgrades recommended to the openssl.cnf file > and most services are now working again with the exception of openvpn. > > The only failure seems

Bug#912864: openssl: new version of openssl breaks some openvpn clients

2018-11-04 Thread James Bottomley
Package: openssl Version: 1.1.1-2 Severity: important I've applied all the downgrades recommended to the openssl.cnf file and most services are now working again with the exception of openvpn. The only failure seems to be a VPN connection to an openwrt router. The router is running Chaos Calmer