> On Apr 16, 2015, at 10:44, Jan Just Keijser <janj...@nikhef.nl> wrote:
> this is important info - openssl 0.9.9. is fairly old, but still supported by
> OpenVPN; however, it seems that the default cipher chosen by your openssl lib
> is an SSLv2 one.
Great info! Thanks again much for all of your help…
> Can you try adding the flag
> tls-version-min 1
> to the server config?
Not with openvpn 2.3.6, it seems:
Apr 16 10:47:11 bifröst openvpn[6175]: Options error: unknown tls-version-min
parameter: 1
Using “1.0" parses, but doesn’t fix the problem. Same results. Trying 1.1
or 1.2 produce the same "unknown tls-version-min parameter” error on startup.
> Alternatively, upgrade openssl to 1.0.1 on the server side. You can link
> openvpn against a custom version of OpenSSL so you won't have to upgrade the
> system library.
Hmm. I don’t _want_ to have two openssl libraries on the system, but it is
something I can do if needed. Anything else I can try to manually specify a
TLS cipher on the server side, first?
- Chris
------------------------------------------------------------------------------
BPM Camp - Free Virtual Workshop May 6th at 10am PDT/1PM EDT
Develop your own process in accordance with the BPMN 2 standard
Learn Process modeling best practices with Bonita BPM through live exercises
http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual- event?utm_
source=Sourceforge_BPM_Camp_5_6_15&utm_medium=email&utm_campaign=VA_SF
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
