SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher

Official client software for OpenVPN Access Server and OpenVPN Cloud.
Post Reply
dukeluke
OpenVpn Newbie
Posts: 2
Joined: Tue Aug 06, 2013 8:03 am

SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher

Post by dukeluke » Tue Aug 06, 2013 8:22 am

hey,
i am trying to establish a connection between an iphone or ipad (tried both, none worked) with ios 6.1.3
when i use the same config on an android phone it works flawlessly.
here's the log i get on the server:

Code: Select all

Aug  6 09:40:31 unknown daemon.notice openvpn[4845]: MULTI: multi_create_instance called
Aug  6 09:40:31 unknown daemon.notice openvpn[4845]: 89.144.206.3:52866 Re-using SSL/TLS context
Aug  6 09:40:31 unknown daemon.notice openvpn[4845]: 89.144.206.3:52866 LZO compression initialized
Aug  6 09:40:31 unknown daemon.notice openvpn[4845]: 89.144.206.3:52866 Control Channel MTU parms [ L:1547 D:138 EF:38 EB:0 ET:0 EL:0 ]
Aug  6 09:40:31 unknown daemon.notice openvpn[4845]: 89.144.206.3:52866 Data Channel MTU parms [ L:1547 D:1450 EF:47 EB:135 ET:0 EL:0 AF:3/1 ]
Aug  6 09:40:31 unknown daemon.notice openvpn[4845]: 89.144.206.3:52866 TLS: Initial packet from 89.144.206.3:52866, sid=bf5e61c6 cf3a86d2
Aug  6 09:40:32 unknown daemon.err openvpn[4845]: 89.144.206.3:52866 TLS_ERROR: BIO read tls_read_plaintext error: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher
Aug  6 09:40:32 unknown daemon.err openvpn[4845]: 89.144.206.3:52866 TLS Error: TLS object -> incoming plaintext read error
Aug  6 09:40:32 unknown daemon.err openvpn[4845]: 89.144.206.3:52866 TLS Error: TLS handshake failed
Aug  6 09:40:32 unknown daemon.notice openvpn[4845]: 89.144.206.3:52866 SIGUSR1[soft,tls-error] received, client-instance restarting
i hope anyone can help me.

kr, luki
Top
soulianis
OpenVpn Newbie
Posts: 8
Joined: Wed Jul 17, 2013 3:44 pm

Re: SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher

Post by soulianis » Wed Aug 28, 2013 11:01 am

I had a similar problem. It appears that not all TLS ciphers are supported with OpenVPN Connect on iOS.

The OpenVPN Connect client log should show which TLS cipher it wants, for example "DHE-RSA-AES256-SHA". Now, on the server side, use "openvpn --show-tls" to show a list of supported TLS ciphers and check whether or not the wanted cipher is listed.

In my case, on the server side I had to install a new OpenSSL library and then reconfigure/recompile OpenVPN.

Hope this helps.
Top
dukeluke
OpenVpn Newbie
Posts: 2
Joined: Tue Aug 06, 2013 8:03 am

Re: SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher

Post by dukeluke » Wed Aug 28, 2013 11:38 am

hey,
thank you for the reply!
it's a bit difficult to install a new openssl library on the server side, because it's an embedded linux on a linksys router.

but thanks for the answer, i'll just go with android then :)

kr, luki
Top
kolberda
OpenVpn Newbie
Posts: 1
Joined: Sun Aug 21, 2016 12:43 pm

Re: SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher

Post by kolberda » Sun Aug 21, 2016 12:44 pm

This is usually remedied by going to the OpenVPN section of the iOS Settings app and selecting "Force AES-CBC ciphersuites". (Under iPhone Settings, not OpenVPN app settings)
Top
Post Reply

Return to “OpenVPN Connect (iOS)”