Hi,

On Thu, Jul 15, 2021 at 12:17:45PM +0200, Ralf Hildebrandt wrote:
> I have quite a few users with old openvpn versions out there which are still
> using TLSv1.0.
>
> Problem: the log line doesn't contain the username:
>
> 2021-07-15 02:13:22 openvpn-gw201-int openvpn-udp 109.69.55.111:63169 Control
> Channel: TLSv1, cipher TLSv1.0 ECDHE-RSA-AES256-SHA, peer certificate: 2048
> bit RSA, signature: RSA-SHA256
>
> Right now I'm correlating using field #5 (IP:Port), but is there an easier
> way?
>
> Is the TLS version in any environment variable so I can log it using a
> client-connect or learn script?

Unfortunately, as Richard already said, this is not exported anywhere
useful.

So I'd go for the IV_ variables (in the client-connect env, and the log)

IV_VER=2.4.7
IV_PLAT=win
IV_GUI_VER=OpenVPN_GUI_11

I thought we also send the client SSL library, but seems we do not.

"Only TLS 1.0" very much hints at "this is a 2.3 client", so should be
easy to spot. And they really should upgrade.

gert
--
"If was one thing all people took for granted, was conviction that if you
feed honest figures into a computer, honest figures come out. Never doubted
it myself till I met a computer with a sense of humor."
        Robert A. Heinlein, The Moon is a Harsh Mistress

Gert Doering - Munich, Germany g...@greenie.muc.de
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
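
Added example, not part of the message above or of the OpenVPN project's code: a client-connect hook that logs the certificate CN, the peer IP:port (the field used for correlation in the question) and the IV_ values on one line. The `script_type`, `common_name`, `trusted_ip` and `trusted_port` environment variables are set by OpenVPN; the function names, the syslog tag and the "older than 2.4 is legacy" cut-off are assumptions made here, the last following the remark that TLS 1.0 only hints at a 2.3 client.

```shell
#!/bin/sh
# Added example (not from the thread): client-connect hook that logs the
# certificate CN next to the peer-info IV_* values OpenVPN puts in the env.
# Assumption: IV_VER older than 2.4 marks a client that should be upgraded.

# client_class VERSION -> prints legacy | current | unknown
client_class() {
    ver=$1
    major=${ver%%.*}
    case "$major" in
        ''|*[!0-9]*) echo unknown; return 0 ;;   # missing or unparsable
    esac
    if [ "$major" -gt 2 ]; then echo current; return 0; fi
    if [ "$major" -lt 2 ]; then echo legacy; return 0; fi
    case "$ver" in
        *.*) minor=${ver#*.} ;;
        *)   echo unknown; return 0 ;;
    esac
    minor=${minor%%[!0-9]*}          # "3.18" -> "3", "5_beta1" -> "5"
    if [ -z "$minor" ]; then echo unknown; return 0; fi
    if [ "$minor" -lt 4 ]; then echo legacy; else echo current; fi
}

# peer_log_line -> one line built from the client-connect environment.
# IV_* values are supplied by the client, so non-printable bytes are dropped
# before the line reaches the log.
peer_log_line() {
    printf 'peer=%s:%s cn=%s IV_VER=%s IV_PLAT=%s IV_GUI_VER=%s class=%s' \
        "${trusted_ip:-?}" "${trusted_port:-?}" "${common_name:-?}" \
        "${IV_VER:-none}" "${IV_PLAT:-none}" "${IV_GUI_VER:-none}" \
        "$(client_class "${IV_VER:-}")" | tr -cd '[:print:]'
}

# OpenVPN sets script_type when it runs the hook; only log in that case.
# A logging failure must not reject the client, hence "|| true".
if [ "${script_type:-}" = "client-connect" ]; then
    logger -t openvpn-peerinfo "$(peer_log_line)" || true
fi
```

The `peer=` field has the same IP:port form as the "Control Channel" log line, so the two can be joined on it to attach a CN to each TLSv1 handshake.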