On 16/04/15 08:40, Chris Ross wrote:
> On Apr 15, 2015, at 12:35 , Jan Just Keijser <janj...@nikhef.nl> wrote:
>> the cipher list looks OK; I've just tried in my setup and it's definitely
>> the TLS cipher, not the "cipher" option - that would lead to a different
>> error message.
> So, it looks like the available TLS ciphers are okay between my client and
> my server. And based on the other notes in the thread, I think I'm using
> compatible certificates. Is there a way to figure out what TLS cipher the
> client is trying to use? What "verb" level should I use on the client side
> to make sure I get that information logged?
>
> Any other thoughts as to what is going on to cause the "no shared cipher"
> error I'm seeing?
>
> Thanks. I'll pick this up again in the morning, let me know any more
> information I can gather to help you all help me. :-)
>
>

If no list of TLS ciphers is specified then the client will attempt the full list of ciphers that you see with "--with-tls"; with OpenSSL it is actually quite hard to tell which ciphers it is trying and in which order. I'm saying OpenSSL here, as it's an SSL library call that does this part. For PolarSSL builds the same applies, IIRC.

One thing you could try is to run the underlying openssl command on both client and server:

server:
  openssl s_server -msg -CAfile ca.crt -cert server.crt -key server.key
client:
  openssl s_client -connect <server-IP>:4433

(adjust ca.crt and server.{crt,key} to your setup). The server should print the list of shared ciphers.

HTH,

JJK
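Added example, not part of the original message and not OpenVPN or OpenSSL project code: an offline complement to the s_server/s_client test above that expands two OpenSSL cipher strings with the local library and shows how "no shared cipher" can arise even when the lists overlap, because no common suite fits the server certificate's key type. The function names `expand` and `diagnose` and both cipher strings are hypothetical, constructed for illustration; the result reflects only the OpenSSL build Python is linked against, not the remote peer's.

```python
import ssl

def expand(cipher_string):
    """Expand an OpenSSL cipher string to {suite: auth type}, in preference order."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.set_ciphers(cipher_string)
    except ssl.SSLError:          # string matches no suite in this OpenSSL build
        return {}
    # TLS 1.3 suites ("TLS_...") are configured separately and always listed; skip them.
    return {c["name"]: c.get("auth", "unknown")
            for c in ctx.get_ciphers() if not c["name"].startswith("TLS_")}

def diagnose(client_string, server_string, server_key):
    """Compare both sides' lists; server_key is 'rsa' or 'ecdsa' (server cert key type)."""
    client, server = expand(client_string), expand(server_string)
    # Suites offered by the client that the server also allows, in client order.
    common = [name for name in client if name in server]
    # A suite is only selectable if its authentication matches the server's key.
    usable = [name for name in common if client[name] == "auth-" + server_key]
    if not common:
        verdict = "no suite in common: the two cipher lists do not overlap"
    elif not usable:
        verdict = "suites in common, but none fits the server's %s key" % server_key
    else:
        verdict = "usable, first in client order: " + usable[0]
    return {"common": common, "usable": usable, "verdict": verdict}

# Constructed sample inputs, not taken from the thread.
CLIENT = "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256"
SERVER = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256"

if __name__ == "__main__":
    for key in ("rsa", "ecdsa"):
        print(key, diagnose(CLIENT, SERVER, key))
```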