Thanks for that. This fixes my server test rig, which sets --tls-version-min to accept connections from very old clients - it will now (still) fail old clients that can not do TLS 1.2 (namely, OpenVPN 2.2(!) - 2.3 and up are fine), but it will not fail "everything else" as the current code did.
Your patch has been applied to the master branch. commit c535fa7afe45937bbc7dda435b2b05e57f7ecd53 (master) Author: Max Fillinger Date: Wed Jul 3 19:41:58 2024 +0200 mbedtls: Warn if --tls-version-min is too low Signed-off-by: Max Fillinger <maximilian.fillin...@foxcrypto.com> Acked-by: Arne Schwabe <arne-open...@rfc2549.org> Message-Id: <20240703174158.7137-1-g...@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28865.html Signed-off-by: Gert Doering <g...@greenie.muc.de> -- kind regards, Gert Doering _______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel