server won't connect above TLS 1.0

mikekehrli
OpenVpn Newbie
Posts: 2
Joined: Thu May 17, 2018 7:35 pm


Post by mikekehrli » Sat May 19, 2018 12:15 am

I just set up an OpenVPN server on my Raspberry Pi. It works great. I tried speedtest.net through it and it got over 10 Mbit down and 4 Mbit up, which is plenty for my purposes. However, I tried to make the client connect at a higher TLS version. It will only connect at TLS 1.0.

How do I support TLS 1.2 on my OpenVPN server? I have an apache2 server on the same device and it supports TLS 1.2, 1.1, and 1.0. I'm going to disable 1.0, but not until I've fixed the issue with my OpenVPN server. I'm finding it hard to find documentation about enforcing the higher TLS version. Does anyone have a link to documentation for this, or a howto or guide of some kind?

BohdanHamulets
OpenVpn Newbie
Posts: 5
Joined: Thu Mar 15, 2018 12:04 pm

Re: server won't connect above TLS 1.0

Post by BohdanHamulets » Mon May 21, 2018 10:03 am

Hello, could you please post your server.conf?

/etc/openvpn/server.conf - in case of Community Server

/usr/local/openvpn_as/etc/as.conf - in case of an Access Server

Typically

--tls-version-min version ['or-highest']
Sets the minimum TLS version we will accept from the peer (default is "1.0"). Examples for version include "1.0", "1.1", or "1.2". If 'or-highest' is specified and version is not recognized, we will only accept the highest TLS version supported by the local SSL implementation.

--tls-version-max version
Set the maximum TLS version we will use (default is the highest version supported). Examples for version include "1.0", "1.1", or "1.2".

are responsible for that, and the settings on the client you're trying to connect with also matter.
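
The reply above names the two directives and points out that both ends matter. As an added example (not part of the thread or of OpenVPN itself), this Python check reads server and client config text and reports why a tunnel could still end up below TLS 1.2. The function names, the sample configs and the host `vpn.example.net` are assumptions made for illustration.

```python
# Added example: simplified parsing (no quoting, no included files).
DEFAULT_MIN = (1, 0)  # man page default for tls-version-min is "1.0"
TARGET = (1, 2)       # the version the poster wants to enforce
def _ver(text):
    """'1.2' -> (1, 2); None if the value is not a dotted version."""
    try:
        major, minor = text.split(".")
        return int(major), int(minor)
    except ValueError:
        return None

def tls_bounds(conf_text):
    """Return (min, or_highest, max); max None means unset."""
    tls_min, or_highest, tls_max = DEFAULT_MIN, False, None
    for raw in conf_text.splitlines():
        tokens = []
        for tok in raw.split():
            if tok[0] in "#;":  # rest of line is a comment
                break
            tokens.append(tok)
        if len(tokens) < 2:
            continue
        name = tokens[0].lstrip("-")  # accept "--tls-version-min" too
        if name == "tls-version-min":
            tls_min, or_highest = _ver(tokens[1]), "or-highest" in tokens[2:]
        elif name == "tls-version-max":
            tls_max = _ver(tokens[1])
    return tls_min, or_highest, tls_max

def audit(conf_text, label):
    """List reasons this config can still end up below TLS 1.2."""
    tls_min, or_highest, tls_max = tls_bounds(conf_text)
    findings = []
    if tls_min is None:
        if not or_highest:
            findings.append(f"{label}: tls-version-min value not recognized")
    elif tls_min < TARGET:
        findings.append(f"{label}: accepts TLS {tls_min[0]}.{tls_min[1]} from the peer")
    if tls_max is not None and tls_max < TARGET:
        findings.append(f"{label}: tls-version-max caps TLS at {tls_max[0]}.{tls_max[1]}")
    return findings

# Constructed sample configs (not the poster's files).
SERVER_DEFAULT = "port 1194\nproto udp\ndev tun\n;tls-version-min 1.2\n"
CLIENT_CAPPED = "client\nremote vpn.example.net 1194\ntls-version-max 1.0  # legacy\n"
SERVER_HARDENED = "port 1194\nproto udp\ndev tun\ntls-version-min 1.2\n"
if __name__ == "__main__":
    for name in ("SERVER_DEFAULT", "CLIENT_CAPPED", "SERVER_HARDENED"):
        print(name, audit(globals()[name], name) or "ok")
```

Run it against both the server and the client file: a commented-out `tls-version-min` on one side or a `tls-version-max` on the other each leaves TLS 1.0 in play.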
