TLS error: Unsupported protocol.

madial3368 · Post by **madial3368** » Thu Sep 17, 2020 8:36 am

Hello,
My openvpn server is 2.4.9. I am using following ciphers, with ta.key.

cipher AES-256-CBC
auth SHA256

There is two yealink phones that I should connect to my openvpn server. In first phone openvpn version is 2.4.2, and it successfully connecting. The second yealink (W60B) phone cant connect due to the following error that I found on my OpenVPN server:

Code: Select all

*.*.*.*:50100 TLS: Initial packet from [AF_INET]*.*.*.*:50100, sid=d983e1b2 b0150154
*.*.*.*:50100 TLS error: Unsupported protocol. This typically indicates that client and server have no common TLS version enabled. This can be caused by mismatched tls-version-min and tls-version-max options on client and server. If your OpenVPN client is between v2.3.6 and v2.3.2 try adding tls-version-min 1.0 to the client configuration to use TLS 1.0+ instead of TLS 1.0 only
*.*.*.*:50100 OpenSSL: error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol
*.*.*.*:50100 TLS_ERROR: BIO read tls_read_plaintext error
*.*.*.*:50100 TLS Error: TLS object -> incoming plaintext read error
*.*.*.*:50100 TLS Error: TLS handshake failed
*.*.*.*:50100 SIGUSR1[soft,tls-error] received, client-instance restarting

In yealink phone logs, I found that openvpn version is 2.2.1, and read, that this openvpn client version not supporting tls 1.2, and this is the cause of the issue.

Please advise, can I somehow connect this phone to my openvpn? and actually my investigation is went to the right way or not?

madial3368 · Post by **madial3368** » Wed Sep 23, 2020 7:33 am

Really there is no any idea?

Oldman4sail · Post by **Oldman4sail** » Fri Sep 25, 2020 2:05 am

I'm also a newbie when it comes to Yealink and openvpn, but my research indicates...
firmware v73 or lower only supports SHA1 or MD5 encryption algorithm;
firmware v83 or higher supports SHA256 encryption algorithm;
I cannot confirm if the dh2048 is supported in v83 or higher, but dh1024 was always supported.
what is the firmware version of the second yealink (W60B) phone?

madial3368 · Post by **madial3368** » Fri Sep 25, 2020 7:05 am

Thanks for your reply, in my phone box, the version is v77.83.0.85, but today I checked that they released new version (W60B-77.85.0.20.rom 2020-09-21).
You think the last solution can be change SHA256 to SHA1 (and maybe dh2048->dh1024)?

Oldman4sail · Post by **Oldman4sail** » Fri Sep 25, 2020 2:41 pm

they only mention sha1...(search the pdf for...sha1), it's at the bottom under troubleshooting...
http://support.yealink.com/previewPdf?f ... qyTg%3D%3D

http://support.yealink.com/documentFron ... mentId=206

or create an account and ask yealink support.
It seems that the firmware version controls what's supported. The newer firmware supports dh2048 and sha256, but a post to yealinks support forum could not hurt.

madial3368 · Post by **madial3368** » Tue Sep 29, 2020 8:33 am

Yes you are right, they release new firmware, and it fixed the issue.
Thanks a lot for the point.

OpenVPN Support Forum

TLS error: Unsupported protocol.

TLS error: Unsupported protocol.

Re: TLS error: Unsupported protocol.

Re: TLS error: Unsupported protocol.

Re: TLS error: Unsupported protocol.

Re: TLS error: Unsupported protocol.

Re: TLS error: Unsupported protocol.