> Any of the suggested patches should determine that. The quickest and
> simplest is in
>
> src/openvpn/ssl_openssl.c
> ...
OK, with the attached patch it does appear to work for me. I'll give it some more exercise tomorrow morning, but in a quick test the tunnel does now appear to come up properly.
--- openvpn-2.3.3/src/openvpn/ssl_openssl.c.dist 2014-04-28 15:40:11.000000000 +0100 +++ openvpn-2.3.3/src/openvpn/ssl_openssl.c 2014-04-28 15:40:39.000000000 +0100 @@ -208,6 +208,7 @@ /* process SSL options including minimum TLS version we will accept from peer */ { long sslopt = SSL_OP_SINGLE_DH_USE | SSL_OP_NO_TICKET | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3; + sslopt |= SSL_OP_NO_TLSv1_2; const int tls_version_min = (ssl_flags >> SSLF_TLS_VERSION_SHIFT) & SSLF_TLS_VERSION_MASK; if (tls_version_min > TLS_VER_1_0) sslopt |= SSL_OP_NO_TLSv1;
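Review bot: the added `sslopt |= SSL_OP_NO_TLSv1_2;` is unconditional, so TLS 1.2 is switched off for every connection regardless of the minimum version that `tls_version_min` takes from `ssl_flags`. That is fine as a diagnostic to confirm where the handshake fails, but for anything beyond a test build it should be guarded by a configuration setting or a build-time switch, with a comment saying it is a workaround and for what. The line also sits between the `long sslopt = ...` declaration and the `const int tls_version_min` declaration, which mixes a statement into the declarations; moving it below `tls_version_min`, next to the existing `sslopt |= SSL_OP_NO_TLSv1;` handling, keeps the version masking in one place.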
George D M Ross MSc PhD CEng MBCS CITP, University of Edinburgh, School of Informatics, 10 Crichton Street, Edinburgh, Scotland, EH8 9AB Mail: g...@inf.ed.ac.uk Voice: 0131 650 5147 Fax: 0131 650 6899 PGP: 1024D/AD758CC5 B91E D430 1E0D 5883 EF6A 426C B676 5C2B AD75 8CC5 The University of Edinburgh is a charitable body, registered in Scotland, with registration number SC005336.