iOS OpenSSL: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher


Post by markhorrocks » Mon Aug 21, 2017 5:42 pm

I have installed OpenVPN on an iPhone 7 and am getting the following connection error. I'm using self-signed elliptical curve certificates and they are embedded in the .ovpn file using tags with ta.key.

I have tried to enforce AES-256-CBC in the iOS client.

This config works fine on Ubuntu, Mac OS X and Windows.

Error:
OpenSSL: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher

Client config:
client
proto udp
dev tun
remote vpn.mydomain.com 1194
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
auth SHA512
cipher AES-256-CBC
tls-version-min 1.2
tls-client
ping 15
ping-restart 120
route 10.0.0.0 255.0.0.0
route-nopull
key-direction 1
comp-lzo

<ca>
redacted
</ca>
redacted
<cert>
redacted
</cert>
<key>
</key>
<tls-auth>
</tls-auth>

Server config:
dev tun

proto udp

port 1194

user nobody
group nogroup

ca /usr/local/share/ca-certificates/ca.crt
cert /usr/local/share/ca-certificates/server.crt
key /usr/local/share/ca-certificates/server.key

dh none

server 10.2.255.0 255.255.255.0

ifconfig-pool-persist ipp.txt

ncp-disable
cipher AES-256-CBC
auth SHA512

tls-version-min 1.2

tls-cipher TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384

push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"

comp-lzo

keepalive 10 120

persist-key
persist-tun

tls-server
tls-auth /usr/local/share/ca-certificates/ta.key 0
key-direction 0

status /var/log/openvpn-status.log

log /var/log/openvpn.log

verb 3

daemon


Post by TinCanTech » Mon Aug 21, 2017 5:53 pm

markhorrocks wrote:
Server
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384

Try without these.


Post by markhorrocks » Mon Aug 21, 2017 5:57 pm

I can't change the server config. The iOS settings for OpenVPN have a selection for TLS version which allows TLS 1.2. Perhaps the client doesn't support ECDHE elliptical curve ciphers?

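The two explanations raised in this thread (the server's single-suite tls-cipher line, or a client that offers no ECDSA suites) both end in the same server-side "no shared cipher" error. The following is an added example, not code from either poster or from OpenVPN, that models suite selection to tell the two cases apart. The client offers and the library default list are constructed sample data, and selection in server list order is an assumption of the model.

```python
# Added example: a model of TLS suite selection, not OpenVPN or OpenSSL code.
# All suite lists below are constructed sample data, not captures from a real client.

PAGE_SERVER_CONF = """\
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384
"""

# Hypothetical library default used when the config has no tls-cipher line.
LIBRARY_DEFAULT = [
    "TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384",
    "TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256",
    "TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384",
]
# Two hypothetical client offers: one with ECDSA suites, one RSA-only.
OFFER_ECDSA = ["TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256",
               "TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384"]
OFFER_RSA_ONLY = ["TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384",
                  "TLS-DHE-RSA-WITH-AES-256-CBC-SHA"]


def tls_cipher_allowlist(conf_text):
    """Return the colon-separated tls-cipher list from a config, or None if unset."""
    for line in conf_text.splitlines():
        parts = line.strip().split()
        if len(parts) >= 2 and parts[0] == "tls-cipher":
            return parts[1].split(":")
    return None


def auth_alg(suite):
    """Certificate key type a suite authenticates with, read from its name."""
    return suite.split("-WITH-")[0].split("-")[-1]  # "ECDSA", "RSA", ...


def negotiate(conf_text, client_offer, server_key="ECDSA"):
    """Return (suite, None) on success or (None, reason) for 'no shared cipher'."""
    allowed = tls_cipher_allowlist(conf_text) or LIBRARY_DEFAULT
    usable = [s for s in allowed if auth_alg(s) == server_key]
    for suite in usable:  # model assumption: server list order decides
        if suite in client_offer:
            return suite, None
    if not any(auth_alg(s) == server_key for s in client_offer):
        return None, "client offers no %s suite" % server_key
    return None, "server list excludes every %s suite the client offers" % server_key


if __name__ == "__main__":
    for conf in (PAGE_SERVER_CONF, "tls-version-min 1.2\n"):
        for offer in (OFFER_ECDSA, OFFER_RSA_ONLY):
            print(negotiate(conf, offer))
```

In this model, dropping the tls-cipher line only helps when the client offers at least one ECDSA suite; an RSA-only offer still fails against an EC server certificate.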