On Sun, 2018-11-04 at 21:10 +0100, Kurt Roeckx wrote: > On Sun, Nov 04, 2018 at 11:39:59AM -0800, James Bottomley wrote: > > > > > > On which side do you use tls-version-min? > > > > client > > > > > Can you please give the version of both openvpn and openssl on > > > both > > > sides. > > > > Client is openwrt, server is debian testing. The package of the > > server > > was already provided in the bug report, but again it's > > > > openssl 1.1.1-2 > > openvpn 2.4.6-1 > > > > Packages on the openwrt client are > > > > libopenssl 1.0.2g-1 > > openvpn-openssl 2.3.6-5 > > So you're saying that even with tls-version-min 1.0 on your > client side and with openssl.cnf changed on the server it's still > not working?
No, I'm saying with no client tls-version-min specified at all (the usual default openvpn config) it fails in 1.1.1 and works with 1.1.0 With client tls-version-min set to 1.0 it works with both. James
