tls-cipher AES256-SHA and others are not supported!

Post by Slavakom » Sat Feb 02, 2013 10:48 pm

On the server side I got:
TLS_ERROR: BIO read tls_read_plaintext error: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher

tls-cipher AES128-SHA / AES256-SHA / RC4-SHA also do not work (as I tested).
On both sides I put the same tls-cipher.

So please, add support for using AES256-SHA (and other ciphers) for tls-cipher!

Thanks in advance.

Re: tls-cipher AES256-SHA and others are not supported!

Post by ceebo » Tue Feb 26, 2013 7:39 am

+1!

I'm connecting to an OpenVPN server on DD-WRT (v24-sp2 SVN revision 19342) and the connection fails no matter what encryption ciphers I tried to use (yes, I was configuring the same cipher on the server and client for each test). It appears that the DD-WRT implementation only supports the following encryption ciphers:

AES-512-CBC
AES-256-CBC
AES-192-CBC
AES-128-CBC
BF-CBC

However, none of these tunnel encryption ciphers appear to be supported via OpenVPN Connect 1.0 (build 47) on iOS 6.1.2.

When I attempt to connect using foo.ovpn config elements that I have confirmed to work, the DD-WRT OpenVPN server logs the following errors:
Mon Feb 25 22:43:13 2013 us=669944 [IP redacted]:53830 TLS: Initial packet from [IP redacted]:53830, sid=5a4b8d3d 84a47b14
Mon Feb 25 22:43:13 2013 us=804389 [IP redacted]:53830 TLS_ERROR: BIO read tls_read_plaintext error: error:1408A0C1:lib(20):func(138):reason(193)
Mon Feb 25 22:43:13 2013 us=804536 [IP redacted]:53830 TLS Error: TLS object -> incoming plaintext read error
Mon Feb 25 22:43:13 2013 us=804623 [IP redacted]:53830 TLS Error: TLS handshake failed
Mon Feb 25 22:43:13 2013 us=805105 [IP redacted]:53830 Fatal TLS error (check_tls_errors_co), restarting
Mon Feb 25 22:43:13 2013 us=805238 [IP redacted]:53830 SIGUSR1[soft,tls-error] received, client-instance restarting
Mon Feb 25 22:43:13 2013 us=805566 TCP/UDP: Closing socket

Where error "1408A0C1" apparently indicates "no shared cipher".

I've tried the various AES-xxx-CBC and BF-CBC ciphers and all return the same errors.

When I use the same client configuration files with an OpenVPN build available from Cydia (2.3-alpha1 for i686-apple-darwin10), a client VPN connection to the same VPN server works fine.

Please add the tunnel encryption ciphers above! Thank you.
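
The two server logs in this thread carry the same OpenSSL error, once as text (SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher) and once as numbers (lib(20):func(138):reason(193)). The following is an added example, not code from either poster or from OpenVPN, that unpacks such a code from log lines; it assumes the OpenSSL 1.0.x packed error layout, and the function names and lookup tables are illustrative.

```python
import re

# Assumption: OpenSSL 1.0.x layout, 8 bits library, 12 bits function, 12 bits reason.
# Only the values that appear in this thread are named; anything else stays numeric.
LIBS = {20: "SSL routines"}
FUNCS = {(20, 138): "SSL3_GET_CLIENT_HELLO"}
REASONS = {(20, 193): "no shared cipher"}

ERR_RE = re.compile(r"error:([0-9A-Fa-f]{8}):")

def decode(code_hex):
    """Split a packed OpenSSL 1.0.x error code into (lib, func, reason)."""
    code = int(code_hex, 16)
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF

def describe(code_hex):
    """Render a code the way OpenSSL prints it, falling back to numbers."""
    lib, func, reason = decode(code_hex)
    return "{}:{}:{}".format(
        LIBS.get(lib, "lib(%d)" % lib),
        FUNCS.get((lib, func), "func(%d)" % func),
        REASONS.get((lib, reason), "reason(%d)" % reason),
    )

def triage(log_text):
    """Return (line_number, code, description) for each OpenSSL error found."""
    hits = []
    for n, line in enumerate(log_text.splitlines(), 1):
        m = ERR_RE.search(line)
        if m:
            hits.append((n, m.group(1).upper(), describe(m.group(1))))
    return hits

# Sample input: lines in the shape of the server log quoted above (address placeholder kept).
SAMPLE = """\
Mon Feb 25 22:43:13 2013 us=669944 [IP redacted]:53830 TLS: Initial packet from [IP redacted]:53830, sid=5a4b8d3d 84a47b14
Mon Feb 25 22:43:13 2013 us=804389 [IP redacted]:53830 TLS_ERROR: BIO read tls_read_plaintext error: error:1408A0C1:lib(20):func(138):reason(193)
Mon Feb 25 22:43:13 2013 us=804623 [IP redacted]:53830 TLS Error: TLS handshake failed
"""

if __name__ == "__main__":
    for n, code, text in triage(SAMPLE):
        print("line %d: %s -> %s" % (n, code, text))
```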