On 21.08.13 09:27, Gert Doering wrote:
> Hi,
>
> On Sun, Aug 18, 2013 at 01:37:15PM +0200, Arne Schwabe wrote:
>> On 24.06.13 01:04, James Yonan wrote:
>>> This is the TLS versioning patch as discussed in last Thursday's IRC
>>> meeting.
> [..]
>> OpenVPN for Android already ships this change and there seems to be some
>> incompatibility. I have a report from a user who reports that against
>> his OpenVPN server (Tomato Router Firmware - OpenVPN 2.2.2):
>
> So if I understand the issue right, it's caused by OpenSSL 0.96 on the
> server side (which is ancient, but obviously still shipping).
>

Okay, I have some new light on the issue. Tomato Firmware seems not to be the same everywhere. I had contact with another user who identified the Tomato fork which exhibits this bug. As it turns out, the OpenSSL version is rather modern (1.0.1c).

OpenSSL seems to be stripped down to a minimum.

root@ASUS-RTN66:/tmp/home/root# openssl version -a
openssl:Error: 'version' is an invalid command.

Standard commands
enc req rsa x509

Cipher commands (see the `enc' command for more details)
aes-128-cbc aes-128-ecb aes-192-cbc aes-192-ecb
aes-256-cbc aes-256-ecb bf-cbc bf-ecb

The Makefile lists a lot of no-xxx options:
https://github.com/Victek/TomatoRAF/blob/master/release/src/router/openssl/

The problem must be something different than a terribly old OpenSSL version. I am leaning towards a "terribly configured" OpenSSL version, but my understanding of the whole cipher selection and TLS process is too limited to spot anything.

Arne