Bug#871987: [Pkg-openssl-devel] Bug#871987: Bug#871987: openvpn

2017-08-26 Thread Gedalya
On 08/26/2017 07:08 PM, Kurt Roeckx wrote:
> On Sat, Aug 26, 2017 at 02:50:37PM +0800, Gedalya wrote:
>> On 08/26/2017 02:58 AM, Kurt Roeckx wrote:
>>
>>> openvpn doesn't seem to make use of the
>>> SSL_CTX_set_min_proto_version() function yet. I've attached a
>>> patch that I didn't even try to co

Bug#871987: [Pkg-openssl-devel] Bug#871987: Bug#871987: openvpn

2017-08-26 Thread Kurt Roeckx
On Sat, Aug 26, 2017 at 02:50:37PM +0800, Gedalya wrote:
> On 08/26/2017 02:58 AM, Kurt Roeckx wrote:
>
> > openvpn doesn't seem to make use of the
> > SSL_CTX_set_min_proto_version() function yet. I've attached a
> > patch that I didn't even try to compile that I think should do the
> > right thi

Bug#871987: [Pkg-openssl-devel] Bug#871987: openvpn

2017-08-25 Thread Gedalya
On 08/26/2017 02:58 AM, Kurt Roeckx wrote:
> openvpn doesn't seem to make use of the
> SSL_CTX_set_min_proto_version() function yet. I've attached a
> patch that I didn't even try to compile that I think should do the
> right thing.
>
Thanks for this! It now connects fine with the setting 'tls-ver

Bug#871987: [Pkg-openssl-devel] Bug#871987: openvpn

2017-08-25 Thread Kurt Roeckx
On Fri, Aug 25, 2017 at 11:07:16PM +0800, Gedalya wrote:
> I tried openssl 1.1.0f-5 and it is indeed better with e.g. s_client.

After the upload I've been wondering if I should change it to default set the minimum version to 1.0 again.

> However, I've locally built openvpn (and pkcs11-helper) wi

Bug#871987: openvpn

2017-08-25 Thread Gedalya
I tried openssl 1.1.0f-5 and it is indeed better with e.g. s_client. However, I've locally built openvpn (and pkcs11-helper) with openssl 1.1.0. I'm not sure whether this is a bug with openvpn or an issue with this latest patch to openssl, but I've tried both these settings: tls-version-min 1.0 t