Openvpn TLS 1.2 cipher suites
up vote
0
down vote
favorite
This is a repost of my original question (openvpn tls 1.2)
The problem is split in two because a solution was found for the 128-bit cipher suites.
Openvpn can't connect with these cipher suites:
TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
TLS-DHE-RSA-WITH-AES-256-CBC-SHA256
I would like to know if anyone else is using those sucessfully.
I run current version 2.3.6, compiled from source.
Tried with various Linux-Distros and Windows clients.
According to the wiki the ciphers should be working:
https://community.openvpn.net/openvpn/wiki/Hardening#Useof--tls-cipher
Client error:
[... Desktop]$ sudo openvpn home.ovpn
Sat Jan 24 15:18:28 2015 OpenVPN 2.3.6 x86_64-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Jan 24 2015
Sat Jan 24 15:18:28 2015 library versions: OpenSSL 1.0.1l 15 Jan 2015, LZO 2.08
Sat Jan 24 15:18:28 2015 WARNING: file 'home/client1.key' is group or others accessible
Sat Jan 24 15:18:28 2015 WARNING: file 'home/ta.key' is group or others accessible
Sat Jan 24 15:18:28 2015 Control Channel Authentication: using 'home/ta.key' as a OpenVPN static key file
Sat Jan 24 15:18:28 2015 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Sat Jan 24 15:18:28 2015 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Sat Jan 24 15:18:28 2015 Attempting to establish TCP connection with [AF_INET]192.168.1.67:1194 [nonblock]
Sat Jan 24 15:18:29 2015 TCP connection established with [AF_INET]192.168.1.67:1194
Sat Jan 24 15:18:29 2015 TCPv4_CLIENT link local: [undef]
Sat Jan 24 15:18:29 2015 TCPv4_CLIENT link remote: [AF_INET]192.168.1.67:1194
Sat Jan 24 15:18:29 2015 TLS_ERROR: BIO read tls_read_plaintext error: error:140830B5:SSL routines:SSL3_CLIENT_HELLO:no ciphers available
Sat Jan 24 15:18:29 2015 TLS Error: TLS object -> incoming plaintext read error
Sat Jan 24 15:18:29 2015 TLS Error: TLS handshake failed
Sat Jan 24 15:18:29 2015 Fatal TLS error (check_tls_errors_co), restarting
Sat Jan 24 15:18:29 2015 SIGUSR1[soft,tls-error] received, process restarting
Sat Jan 24 15:18:30 2015 SIGINT[hard,init_instance] received, process exiting
Server Error:
http://pastebin.com/DKR76FAy
vpn openvpn tls
add a comment |
up vote
0
down vote
favorite
This is a repost of my original question (openvpn tls 1.2)
The problem is split in two because a solution was found for the 128-bit cipher suites.
Openvpn can't connect with these cipher suites:
TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
TLS-DHE-RSA-WITH-AES-256-CBC-SHA256
I would like to know if anyone else is using those sucessfully.
I run current version 2.3.6, compiled from source.
Tried with various Linux-Distros and Windows clients.
According to the wiki the ciphers should be working:
https://community.openvpn.net/openvpn/wiki/Hardening#Useof--tls-cipher
Client error:
[... Desktop]$ sudo openvpn home.ovpn
Sat Jan 24 15:18:28 2015 OpenVPN 2.3.6 x86_64-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Jan 24 2015
Sat Jan 24 15:18:28 2015 library versions: OpenSSL 1.0.1l 15 Jan 2015, LZO 2.08
Sat Jan 24 15:18:28 2015 WARNING: file 'home/client1.key' is group or others accessible
Sat Jan 24 15:18:28 2015 WARNING: file 'home/ta.key' is group or others accessible
Sat Jan 24 15:18:28 2015 Control Channel Authentication: using 'home/ta.key' as a OpenVPN static key file
Sat Jan 24 15:18:28 2015 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Sat Jan 24 15:18:28 2015 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Sat Jan 24 15:18:28 2015 Attempting to establish TCP connection with [AF_INET]192.168.1.67:1194 [nonblock]
Sat Jan 24 15:18:29 2015 TCP connection established with [AF_INET]192.168.1.67:1194
Sat Jan 24 15:18:29 2015 TCPv4_CLIENT link local: [undef]
Sat Jan 24 15:18:29 2015 TCPv4_CLIENT link remote: [AF_INET]192.168.1.67:1194
Sat Jan 24 15:18:29 2015 TLS_ERROR: BIO read tls_read_plaintext error: error:140830B5:SSL routines:SSL3_CLIENT_HELLO:no ciphers available
Sat Jan 24 15:18:29 2015 TLS Error: TLS object -> incoming plaintext read error
Sat Jan 24 15:18:29 2015 TLS Error: TLS handshake failed
Sat Jan 24 15:18:29 2015 Fatal TLS error (check_tls_errors_co), restarting
Sat Jan 24 15:18:29 2015 SIGUSR1[soft,tls-error] received, process restarting
Sat Jan 24 15:18:30 2015 SIGINT[hard,init_instance] received, process exiting
Server Error:
http://pastebin.com/DKR76FAy
vpn openvpn tls
add a comment |
up vote
0
down vote
favorite
up vote
0
down vote
favorite
This is a repost of my original question (openvpn tls 1.2)
The problem is split in two because a solution was found for the 128-bit cipher suites.
Openvpn can't connect with these cipher suites:
TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
TLS-DHE-RSA-WITH-AES-256-CBC-SHA256
I would like to know if anyone else is using those sucessfully.
I run current version 2.3.6, compiled from source.
Tried with various Linux-Distros and Windows clients.
According to the wiki the ciphers should be working:
https://community.openvpn.net/openvpn/wiki/Hardening#Useof--tls-cipher
Client error:
[... Desktop]$ sudo openvpn home.ovpn
Sat Jan 24 15:18:28 2015 OpenVPN 2.3.6 x86_64-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Jan 24 2015
Sat Jan 24 15:18:28 2015 library versions: OpenSSL 1.0.1l 15 Jan 2015, LZO 2.08
Sat Jan 24 15:18:28 2015 WARNING: file 'home/client1.key' is group or others accessible
Sat Jan 24 15:18:28 2015 WARNING: file 'home/ta.key' is group or others accessible
Sat Jan 24 15:18:28 2015 Control Channel Authentication: using 'home/ta.key' as a OpenVPN static key file
Sat Jan 24 15:18:28 2015 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Sat Jan 24 15:18:28 2015 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Sat Jan 24 15:18:28 2015 Attempting to establish TCP connection with [AF_INET]192.168.1.67:1194 [nonblock]
Sat Jan 24 15:18:29 2015 TCP connection established with [AF_INET]192.168.1.67:1194
Sat Jan 24 15:18:29 2015 TCPv4_CLIENT link local: [undef]
Sat Jan 24 15:18:29 2015 TCPv4_CLIENT link remote: [AF_INET]192.168.1.67:1194
Sat Jan 24 15:18:29 2015 TLS_ERROR: BIO read tls_read_plaintext error: error:140830B5:SSL routines:SSL3_CLIENT_HELLO:no ciphers available
Sat Jan 24 15:18:29 2015 TLS Error: TLS object -> incoming plaintext read error
Sat Jan 24 15:18:29 2015 TLS Error: TLS handshake failed
Sat Jan 24 15:18:29 2015 Fatal TLS error (check_tls_errors_co), restarting
Sat Jan 24 15:18:29 2015 SIGUSR1[soft,tls-error] received, process restarting
Sat Jan 24 15:18:30 2015 SIGINT[hard,init_instance] received, process exiting
Server Error:
http://pastebin.com/DKR76FAy
vpn openvpn tls
This is a repost of my original question (openvpn tls 1.2)
The problem is split in two because a solution was found for the 128-bit cipher suites.
Openvpn can't connect with these cipher suites:
TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
TLS-DHE-RSA-WITH-AES-256-CBC-SHA256
I would like to know if anyone else is using those sucessfully.
I run current version 2.3.6, compiled from source.
Tried with various Linux-Distros and Windows clients.
According to the wiki the ciphers should be working:
https://community.openvpn.net/openvpn/wiki/Hardening#Useof--tls-cipher
Client error:
[... Desktop]$ sudo openvpn home.ovpn
Sat Jan 24 15:18:28 2015 OpenVPN 2.3.6 x86_64-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Jan 24 2015
Sat Jan 24 15:18:28 2015 library versions: OpenSSL 1.0.1l 15 Jan 2015, LZO 2.08
Sat Jan 24 15:18:28 2015 WARNING: file 'home/client1.key' is group or others accessible
Sat Jan 24 15:18:28 2015 WARNING: file 'home/ta.key' is group or others accessible
Sat Jan 24 15:18:28 2015 Control Channel Authentication: using 'home/ta.key' as a OpenVPN static key file
Sat Jan 24 15:18:28 2015 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Sat Jan 24 15:18:28 2015 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Sat Jan 24 15:18:28 2015 Attempting to establish TCP connection with [AF_INET]192.168.1.67:1194 [nonblock]
Sat Jan 24 15:18:29 2015 TCP connection established with [AF_INET]192.168.1.67:1194
Sat Jan 24 15:18:29 2015 TCPv4_CLIENT link local: [undef]
Sat Jan 24 15:18:29 2015 TCPv4_CLIENT link remote: [AF_INET]192.168.1.67:1194
Sat Jan 24 15:18:29 2015 TLS_ERROR: BIO read tls_read_plaintext error: error:140830B5:SSL routines:SSL3_CLIENT_HELLO:no ciphers available
Sat Jan 24 15:18:29 2015 TLS Error: TLS object -> incoming plaintext read error
Sat Jan 24 15:18:29 2015 TLS Error: TLS handshake failed
Sat Jan 24 15:18:29 2015 Fatal TLS error (check_tls_errors_co), restarting
Sat Jan 24 15:18:29 2015 SIGUSR1[soft,tls-error] received, process restarting
Sat Jan 24 15:18:30 2015 SIGINT[hard,init_instance] received, process exiting
Server Error:
http://pastebin.com/DKR76FAy
vpn openvpn tls
vpn openvpn tls
edited Mar 20 '17 at 10:17
Community♦
1
1
asked Jan 27 '15 at 16:20
misterix
624
624
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
up vote
0
down vote
Yes, this should work, and works for me:
$ openvpn --config loopback-client --tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 --tls-version-min 1.0
Thu Jan 29 00:13:13 2015 OpenVPN 2.3.6 x86_64-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Dec 16 2014
Thu Jan 29 00:13:13 2015 library versions: OpenSSL 1.0.1f 6 Jan 2014, LZO 2.06
[...]
Thu Jan 29 00:13:13 2015 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Thu Jan 29 00:13:13 2015 [Test-Server] Peer Connection Initiated with [AF_INET]127.0.0.1:16000
Thu Jan 29 00:13:14 2015 Initialization Sequence Completed
This is using the default loopback-server and loopback-client config files supplied with openvpn. Make sure to add tls-version-min 1.0
(or 1.2, if you want to enforce that) to the configs at both ends. Other than that, I did not do anything special.
Is specifically AES-256 the problem? I.e, do you get the same behaviour with TLS-DHE-RSA-WITH-AES-128-CBC-SHA vs TLS-DHE-RSA-WITH-AES-256-CBC-SHA?
With loopback-client it works for me aswell. Try the same in an actual config and it can't establish a connection.
– misterix
Feb 6 '15 at 23:14
Sorry, it took me a while to find some spare cycles, but I just retried with openvpn 2.3.6 (from swupdate.openvpn.net) on Ubuntu Utopic, and also with normal client/server configs, connect succeeds:$ openvpn --config client.conf --tls-version-min 1.0
OpenVPN 2.3.6 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jan 22 2015
library versions: OpenSSL 1.0.1f 6 Jan 2014, LZO 2.06
Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
2015 [Test-Server] Peer Connection Initiated with [AF_INET]10.1.1.1:1194
– Steffan Karger
Mar 15 '15 at 19:04
add a comment |
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
0
down vote
Yes, this should work, and works for me:
$ openvpn --config loopback-client --tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 --tls-version-min 1.0
Thu Jan 29 00:13:13 2015 OpenVPN 2.3.6 x86_64-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Dec 16 2014
Thu Jan 29 00:13:13 2015 library versions: OpenSSL 1.0.1f 6 Jan 2014, LZO 2.06
[...]
Thu Jan 29 00:13:13 2015 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Thu Jan 29 00:13:13 2015 [Test-Server] Peer Connection Initiated with [AF_INET]127.0.0.1:16000
Thu Jan 29 00:13:14 2015 Initialization Sequence Completed
This is using the default loopback-server and loopback-client config files supplied with openvpn. Make sure to add tls-version-min 1.0
(or 1.2, if you want to enforce that) to the configs at both ends. Other than that, I did not do anything special.
Is specifically AES-256 the problem? I.e, do you get the same behaviour with TLS-DHE-RSA-WITH-AES-128-CBC-SHA vs TLS-DHE-RSA-WITH-AES-256-CBC-SHA?
With loopback-client it works for me aswell. Try the same in an actual config and it can't establish a connection.
– misterix
Feb 6 '15 at 23:14
Sorry, it took me a while to find some spare cycles, but I just retried with openvpn 2.3.6 (from swupdate.openvpn.net) on Ubuntu Utopic, and also with normal client/server configs, connect succeeds:$ openvpn --config client.conf --tls-version-min 1.0
OpenVPN 2.3.6 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jan 22 2015
library versions: OpenSSL 1.0.1f 6 Jan 2014, LZO 2.06
Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
2015 [Test-Server] Peer Connection Initiated with [AF_INET]10.1.1.1:1194
– Steffan Karger
Mar 15 '15 at 19:04
add a comment |
up vote
0
down vote
Yes, this should work, and works for me:
$ openvpn --config loopback-client --tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 --tls-version-min 1.0
Thu Jan 29 00:13:13 2015 OpenVPN 2.3.6 x86_64-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Dec 16 2014
Thu Jan 29 00:13:13 2015 library versions: OpenSSL 1.0.1f 6 Jan 2014, LZO 2.06
[...]
Thu Jan 29 00:13:13 2015 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Thu Jan 29 00:13:13 2015 [Test-Server] Peer Connection Initiated with [AF_INET]127.0.0.1:16000
Thu Jan 29 00:13:14 2015 Initialization Sequence Completed
This is using the default loopback-server and loopback-client config files supplied with openvpn. Make sure to add tls-version-min 1.0
(or 1.2, if you want to enforce that) to the configs at both ends. Other than that, I did not do anything special.
Is specifically AES-256 the problem? I.e, do you get the same behaviour with TLS-DHE-RSA-WITH-AES-128-CBC-SHA vs TLS-DHE-RSA-WITH-AES-256-CBC-SHA?
With loopback-client it works for me aswell. Try the same in an actual config and it can't establish a connection.
– misterix
Feb 6 '15 at 23:14
Sorry, it took me a while to find some spare cycles, but I just retried with openvpn 2.3.6 (from swupdate.openvpn.net) on Ubuntu Utopic, and also with normal client/server configs, connect succeeds:$ openvpn --config client.conf --tls-version-min 1.0
OpenVPN 2.3.6 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jan 22 2015
library versions: OpenSSL 1.0.1f 6 Jan 2014, LZO 2.06
Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
2015 [Test-Server] Peer Connection Initiated with [AF_INET]10.1.1.1:1194
– Steffan Karger
Mar 15 '15 at 19:04
add a comment |
up vote
0
down vote
up vote
0
down vote
Yes, this should work, and works for me:
$ openvpn --config loopback-client --tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 --tls-version-min 1.0
Thu Jan 29 00:13:13 2015 OpenVPN 2.3.6 x86_64-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Dec 16 2014
Thu Jan 29 00:13:13 2015 library versions: OpenSSL 1.0.1f 6 Jan 2014, LZO 2.06
[...]
Thu Jan 29 00:13:13 2015 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Thu Jan 29 00:13:13 2015 [Test-Server] Peer Connection Initiated with [AF_INET]127.0.0.1:16000
Thu Jan 29 00:13:14 2015 Initialization Sequence Completed
This is using the default loopback-server and loopback-client config files supplied with openvpn. Make sure to add tls-version-min 1.0
(or 1.2, if you want to enforce that) to the configs at both ends. Other than that, I did not do anything special.
Is specifically AES-256 the problem? I.e, do you get the same behaviour with TLS-DHE-RSA-WITH-AES-128-CBC-SHA vs TLS-DHE-RSA-WITH-AES-256-CBC-SHA?
Yes, this should work, and works for me:
$ openvpn --config loopback-client --tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 --tls-version-min 1.0
Thu Jan 29 00:13:13 2015 OpenVPN 2.3.6 x86_64-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Dec 16 2014
Thu Jan 29 00:13:13 2015 library versions: OpenSSL 1.0.1f 6 Jan 2014, LZO 2.06
[...]
Thu Jan 29 00:13:13 2015 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Thu Jan 29 00:13:13 2015 [Test-Server] Peer Connection Initiated with [AF_INET]127.0.0.1:16000
Thu Jan 29 00:13:14 2015 Initialization Sequence Completed
This is using the default loopback-server and loopback-client config files supplied with openvpn. Make sure to add tls-version-min 1.0
(or 1.2, if you want to enforce that) to the configs at both ends. Other than that, I did not do anything special.
Is specifically AES-256 the problem? I.e, do you get the same behaviour with TLS-DHE-RSA-WITH-AES-128-CBC-SHA vs TLS-DHE-RSA-WITH-AES-256-CBC-SHA?
answered Jan 28 '15 at 23:22
Steffan Karger
48124
48124
With loopback-client it works for me aswell. Try the same in an actual config and it can't establish a connection.
– misterix
Feb 6 '15 at 23:14
Sorry, it took me a while to find some spare cycles, but I just retried with openvpn 2.3.6 (from swupdate.openvpn.net) on Ubuntu Utopic, and also with normal client/server configs, connect succeeds:$ openvpn --config client.conf --tls-version-min 1.0
OpenVPN 2.3.6 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jan 22 2015
library versions: OpenSSL 1.0.1f 6 Jan 2014, LZO 2.06
Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
2015 [Test-Server] Peer Connection Initiated with [AF_INET]10.1.1.1:1194
– Steffan Karger
Mar 15 '15 at 19:04
add a comment |
With loopback-client it works for me aswell. Try the same in an actual config and it can't establish a connection.
– misterix
Feb 6 '15 at 23:14
Sorry, it took me a while to find some spare cycles, but I just retried with openvpn 2.3.6 (from swupdate.openvpn.net) on Ubuntu Utopic, and also with normal client/server configs, connect succeeds:$ openvpn --config client.conf --tls-version-min 1.0
OpenVPN 2.3.6 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jan 22 2015
library versions: OpenSSL 1.0.1f 6 Jan 2014, LZO 2.06
Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
2015 [Test-Server] Peer Connection Initiated with [AF_INET]10.1.1.1:1194
– Steffan Karger
Mar 15 '15 at 19:04
With loopback-client it works for me aswell. Try the same in an actual config and it can't establish a connection.
– misterix
Feb 6 '15 at 23:14
With loopback-client it works for me aswell. Try the same in an actual config and it can't establish a connection.
– misterix
Feb 6 '15 at 23:14
Sorry, it took me a while to find some spare cycles, but I just retried with openvpn 2.3.6 (from swupdate.openvpn.net) on Ubuntu Utopic, and also with normal client/server configs, connect succeeds:
$ openvpn --config client.conf --tls-version-min 1.0
OpenVPN 2.3.6 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jan 22 2015
library versions: OpenSSL 1.0.1f 6 Jan 2014, LZO 2.06
Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
2015 [Test-Server] Peer Connection Initiated with [AF_INET]10.1.1.1:1194
– Steffan Karger
Mar 15 '15 at 19:04
Sorry, it took me a while to find some spare cycles, but I just retried with openvpn 2.3.6 (from swupdate.openvpn.net) on Ubuntu Utopic, and also with normal client/server configs, connect succeeds:
$ openvpn --config client.conf --tls-version-min 1.0
OpenVPN 2.3.6 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jan 22 2015
library versions: OpenSSL 1.0.1f 6 Jan 2014, LZO 2.06
Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
2015 [Test-Server] Peer Connection Initiated with [AF_INET]10.1.1.1:1194
– Steffan Karger
Mar 15 '15 at 19:04
add a comment |
Thanks for contributing an answer to Super User!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Some of your past answers have not been well-received, and you're in danger of being blocked from answering.
Please pay close attention to the following guidance:
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f870152%2fopenvpn-tls-1-2-cipher-suites%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown