Re: [Openvpn-devel] [PATCH v2] Add message explaining early TLS client hello failure

Hi, On 26-09-18 14:01, Arne Schwabe wrote: > In my tests an OpenSSL 1.1.1 server does not accept TLS 1.0 only clients > anymore. Unfortunately, Debian 8 still has OpenVPN 2.3.4, which is > TLS 1.0 only without setting tls-version-min. > > We currently log only > OpenSSL: error:14209102:SSL > rou

[Openvpn-devel] [PATCH v2] Add message explaining early TLS client hello failure

In my tests an OpenSSL 1.1.1 server does not accept TLS 1.0 only clients anymore. Unfortunately, Debian 8 still has OpenVPN 2.3.4, which is TLS 1.0 only without setting tls-version-min. We currently log only OpenSSL: error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported prot