error:0A000152:SSL routines::unsafe legacy renegotiation disabled

Official client software for OpenVPN Access Server and OpenVPN Cloud.

Post by zenon_brak » Fri Oct 13, 2023 10:14 pm

Hi, I need help with the following issue.
After updating to OpenVPN 3.4.0 (5457) on iOS, "error:0A000152:SSL routines::unsafe legacy renegotiation disabled" occurs when trying to connect.
In Settings -> Advanced Options, I have the Insecure (Not Recommended) option selected.
However, this doesn't help, I still can't connect...

Client Logs (## IP, PORT & DOMAIN removed for privacy ##):

[Oct 13, 2023, 23:47:09] START CONNECTION
[Oct 13, 2023, 23:47:09] ----- OpenVPN Start -----
OpenVPN core 3.8.2connect1 ios arm64 64-bit
[Oct 13, 2023, 23:47:09] OpenVPN core 3.8.2connect1 ios arm64 64-bit
[Oct 13, 2023, 23:47:09] Frame=512/2112/512 mssfix-ctrl=1250
[Oct 13, 2023, 23:47:09] EVENT: RESOLVE
[Oct 13, 2023, 23:47:09] Contacting <IP:PORT> via UDP 
[Oct 13, 2023, 23:47:09] EVENT: WAIT
[Oct 13, 2023, 23:47:09] Connecting to [<DOMAIN>]:<PORT> (<IP>) via UDP
[Oct 13, 2023, 23:47:10] EVENT: CONNECTING
[Oct 13, 2023, 23:47:10] Tunnel Options:V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client
[Oct 13, 2023, 23:47:10] Creds: UsernameEmpty/PasswordEmpty
[Oct 13, 2023, 23:47:10] Sending Peer Info:
IV_VER=3.8.2connect1
IV_PLAT=ios
IV_NCP=2
IV_TCPNL=1
IV_PROTO=990
IV_MTU=1600
IV_CIPHERS=AES-128-CBC:AES-192-CBC:AES-256-CBC:DES-CBC:DES-EDE3-CBC:BF-CBC:AES-128-GCM:AES-192-GCM:AES-256-GCM:CHACHA20-POLY1305
IV_LZO=1
IV_AUTO_SESS=1
IV_GUI_VER=net.openvpn.connect.ios_3.4.0-5457
IV_SSO=webauth,openurl,crtext
IV_BS64DL=1
[Oct 13, 2023, 23:47:10] Client exception in transport_recv_excode: OpenSSLContext::SSL::read_cleartext: BIO_read failed, cap=2640 status=-1: error:0A000152:SSL routines::unsafe legacy renegotiation disabled
[Oct 13, 2023, 23:47:10] Client terminated, restarting in 2000 ms...

Server Logs (## IP & PORT removed for privacy ##):

Oct 13 23:48:09 openvpn[534]: <IP:PORT> TLS Error: TLS handshake failed
Oct 13 23:48:09 openvpn[534]: <IP:PORT> TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Oct 13 23:47:09 openvpn[534]: <IP:PORT> LZO compression initialized
Oct 13 23:47:09 openvpn[534]: <IP:PORT> Re-using SSL/TLS context

Post by dallinga » Sun Jan 21, 2024 9:00 am

I have been getting this error too since late last year on my DrayTek router. I started using the DrayTek SSL VPN, but I need OpenVPN working for my travel Fire Stick for watching iPlayer abroad. Most annoying.

Post by xberti » Wed Jan 31, 2024 9:55 am

Hi, I also got this exception in the OpenVPN client on Android smart phones:

Client Log:

[Jan. 31, 2024, 09:29:05] EVENT: RECONNECTING

[Jan. 31, 2024, 09:29:05] Contacting xyz.xyz.xyz.xyz:1194 via UDP

[Jan. 31, 2024, 09:29:05] EVENT: RESOLVE

[Jan. 31, 2024, 09:29:05] EVENT: WAIT

[Jan. 31, 2024, 09:29:05] Connecting to [xyz.dyndns.org]:1194 (xyz.xyz.xyz.xyz) via UDP

[Jan. 31, 2024, 09:29:06] EVENT: CONNECTING

[Jan. 31, 2024, 09:29:06] Tunnel Options:V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-client

[Jan. 31, 2024, 09:29:06] Creds: Username/Password

[Jan. 31, 2024, 09:29:06] Sending Peer Info:
IV_VER=3.8.4connectX
IV_PLAT=android
IV_NCP=2
IV_TCPNL=1
IV_PROTO=990
IV_MTU=1600
IV_CIPHERS=AES-128-CBC:AES-192-CBC:AES-256-CBC:AES-128-GCM:AES-192-GCM:AES-256-GCM:CHACHA20-POLY1305
IV_GUI_VER=net.openvpn.connect.android_3.4.0-9755
IV_SSO=webauth,openurl,crtext


[Jan. 31, 2024, 09:29:06] Client exception in transport_recv_excode: OpenSSLContext::SSL::read_cleartext: BIO_read failed, cap=2640 status=-1: error:0A000152:SSL routines::unsafe legacy renegotiation disabled

[Jan. 31, 2024, 09:29:06] Client terminated, restarting in 2000 ms...

So this is the exception:

Client exception in transport_recv_excode: OpenSSLContext::SSL::read_cleartext: BIO_read failed, cap=2640 status=-1: error:0A000152:SSL routines::unsafe legacy renegotiation disabled

I also have a DrayTek router (Vigor 2862) with OpenVPN Server included.

Does "unsafe legacy renegotiation disabled" mean I'll have to switch something at the OpenVPN client app?
I think that the client side has got an update (the Android OpenVPN App). Could this cause the problem?
If yes, what do I have to change on the client side?

Best regards
xberti

Post by kramms » Tue Mar 12, 2024 12:28 pm

Any luck with this? Same issue with the DrayTek 2952.