Force AES-CBC ciphersuites and TLS_ERROR
Posted: Wed Jun 08, 2016 1:33 pm
by Sini
* The OpenVPN Setting "Force AES-CBC ciphersuites" is now off by
default. If you experience connection issues with this change,
you can easily turn it back on in the Settings App under OpenVPN.
What is the command to turn on this option? Since Update 1.0.7 I can't connect with clients.
Client Config
dev tun
comp-lzo No
verb 3
proto tcp
remote Openvpn.... 443
cipher AES-256-CBC
key-direction 1
tls-auth
remote-cert-tls server
tls-remote openvpn...
ca
Error
TLS_ERROR: BIO read tls_read_plaintext error: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher
Re: TLS_ERROR
Posted: Wed Jun 08, 2016 2:22 pm
by TinCanTech
Please see:
viewtopic.php?f=36&t=21813
SSL routines:SSL3_GET_CLIENT_HELLO:
no shared cipher - The server and client have no shared ciphers ... perhaps "Force AES-CBC ciphersuites" will remedy this ...
Re: Force AES-CBC ciphersuites and TLS_ERROR
Posted: Wed Jun 08, 2016 2:42 pm
by Sini
I tried turning on Force AES-CBC ciphersuites manually and it works, but I deploy the config automatically.
What would be the command for the client config?
Force AES-CBC ciphersuites enabled
Re: Force AES-CBC ciphersuites and TLS_ERROR
Posted: Wed Jun 08, 2016 3:23 pm
by Sini
To be more specific, I deploy the connection settings via MDM when the app is installed.
I use the commands posted above, but this Force setting is part of the Advanced Settings in the iOS app.
Is there a way to enable this setting via configuration?
Re: Force AES-CBC ciphersuites and TLS_ERROR
Posted: Mon Jun 13, 2016 12:48 am
by sanjayzed
Can you try with auth & cipher as none on both the client and server side, and delete the tls-auth data in the client config?
Please share your logs as well.