
OpenVPN 2.3.1 release. Parsing tls-cipher ':' separated value

Posted: Fri May 31, 2013 2:06 pm
by notko
Maybe not the right place to write this here but I am doing it anyway.

When trying to establish a connection to the IPVanish service using OpenVPN 2.3.1, FreeBSD 9.1 port, I kept getting:

Code:

Fri May 31 14:15:30 2013 Deprecated TLS cipher name 'DHE-RSA-AES256-SHA', please use IANA name 'TLS-DHE-RSA-WITH-AES-256-CBC-SHA'
14:15:30 2013 No valid translation found for TLS cipher 'DHE-DSS-AES256-SHA:AES256-SHA'
14:15:30 2013 Failed to set restricted TLS cipher list, too long (>zu). (OpenSSL)
14:15:30 2013 Exiting due to fatal error
In the log.

openvpn.conf:

Code:

client
dev tun
proto tcp
remote sto-b01.ipvanish.com 443
resolv-retry infinite
nobind
persist-key
persist-tun
persist-remote-ip
ca ca.ipvanish.com.crt
tls-remote sto-b01.ipvanish.com
auth-user-pass
comp-lzo
verb 3
auth SHA256
cipher AES-256-CBC
keysize 256
tls-cipher DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA
script-security 2
When I tried OpenVPN 2.3.1 Win64 with the same config and got pretty much the same log, I felt compelled to go to the source. I downloaded the release source code and, looking at it with tears of nostalgia rolling down my cheeks, what did I see?

Code:

ssl_openssl.c:l221:
end_of_cipher = strcspn(&ciphers[begin_of_cipher], ":"); 
Suggest change to:

Code:

end_of_cipher = begin_of_cipher + strcspn(&ciphers[begin_of_cipher], ":");
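
The off-by-offset described in the post above, as an added example that is not part of the original post and not OpenVPN's code: `strcspn()` returns a length counted from the pointer it is given, so storing it as an absolute end index makes `end - begin` wrap around from the second token on. The function name `split_cipher_list`, its parameters and the bounds check are assumptions made for this sketch.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: the tls-cipher value from the config in the post. */
static const char SAMPLE[] =
    "DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA";

/*
 * Walk a ':'-separated list and store each token's length in lens[].
 * fixed == 0: end is set to strcspn()'s result (a length relative to begin).
 * fixed != 0: end is begin + that length (an absolute index).
 * Returns the number of tokens stored, or -1 as soon as a computed
 * length runs past the end of the string.
 */
int split_cipher_list(const char *ciphers, int fixed, size_t *lens, int max)
{
    size_t total = strlen(ciphers);
    size_t begin = 0, end = 0;
    int n = 0;

    while (begin < total && n < max) {
        size_t span = strcspn(&ciphers[begin], ":");
        end = fixed ? begin + span : span;
        size_t len = end - begin;      /* wraps around when end < begin */
        if (len > total - begin)
            return -1;                 /* a copy of len bytes would overrun */
        lens[n++] = len;
        begin = end + 1;               /* step over the ':' separator */
    }
    return n;
}

int main(void)
{
    size_t lens[8];
    printf("relative index: %d\n", split_cipher_list(SAMPLE, 0, lens, 8));
    printf("absolute index: %d\n", split_cipher_list(SAMPLE, 1, lens, 8));
    return 0;
}
```

A list with a single cipher passes through both variants unchanged, because `begin` is still 0 for the first token; the difference only appears once a second entry follows a ':'.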

Re: OpenVPN2.3.1 release. Parsing tls-cipher ':' separated v

Posted: Fri May 31, 2013 2:09 pm
by notko
Sorry, double posting