iOS v3 App TLS Errors on New Installs Only
Posted: Wed Sep 12, 2018 6:39 pm
With the upgrade of OpenVPN Connect to v3.0.1.(770), I've found that I can only connect on iPhones that upgraded the app (after reinstalling the config). When the app is installed on an iPhone that did not previously have it, it fails with the following TLS error.
When I received this error on the old iOS app, I successfully fixed it by checking the AES-CBC cipher algorithm setting.
I've verified that the settings match between the freshly installed iOS app and the upgraded iOS app.
Server Config TLS Settings:
tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA
cipher AES-256-CBC
Client Config TLS Settings:
tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA
cipher AES-256-CBC
Server Log:
ovpn-server[9110]: X.X.X.X:42529 TLS: Initial packet from [AF_INET]X.X.X.X:42529, sid=c93dd086 c1f6f25f
ovpn-server[9110]: X.X.X.X:42529 TLS error: The server has no TLS ciphersuites in common with the client. Your --tls-cipher setting might be too restrictive.
ovpn-server[9110]: X.X.X.X:42529 OpenSSL: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher
ovpn-server[9110]: X.X.X.X:42529 TLS_ERROR: BIO read tls_read_plaintext error
ovpn-server[9110]: X.X.X.X:42529 TLS Error: TLS object -> incoming plaintext read error
ovpn-server[9110]: X.X.X.X:42529 TLS Error: TLS handshake failed
Client Log:
----- OpenVPN Start -----
OpenVPN core 3.2 ios arm64 64-bit PT_PROXY built on Sep 4 2018 09:41:09
Frame=512/2048/512 mssfix-ctrl=1250
UNUSED OPTIONS
4 [resolv-retry] [infinite]
5 [nobind]
6 [user] [nobody]
7 [group] [nogroup]
8 [persist-key]
9 [persist-tun]
11 [tls-cipher] [TLS-DHE-RSA-WITH-AES-256-CBC-SHA]
15 [verb] [3]
18 [auth-nocache]
EVENT: RESOLVE
Contacting [X.X.X.X]:PORT/UDP via UDP
EVENT: WAIT
Connecting to [domain]:PORT (X.X.X.X) via UDPv4
EVENT: CONNECTING
Tunnel Options:V4,dev-type tun,link-mtu 1602,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-client
Creds: StaticChallenge
Peer Info:
IV_GUI_VER=net.openvpn.connect.ios 3.0.1-770
IV_VER=3.2
IV_PLAT=ios
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2
IV_LZO=1
IV_LZO_SWAP=1
IV_LZ4=1
IV_LZ4v2=1
IV_COMP_STUB=1
IV_COMP_STUBv2=1
EVENT: DISCONNECTED
Raw stats on disconnect:
BYTES_IN : 98
BYTES_OUT : 6260
PACKETS_IN : 1
PACKETS_OUT : 22
Performance stats on disconnect:
CPU usage (microseconds): 76332
Network bytes per CPU second: 83294
Tunnel bytes per CPU second: 0
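A check over the two logs above, as an added example that is not part of the original post: it lists the directives the client log reports under UNUSED OPTIONS, flags the security-relevant ones, and correlates them with the server's "no shared cipher" failure. The function names and the SECURITY_DIRECTIVES set are assumptions of this example; the log text is excerpted from the post.

```python
import re

# Real OpenVPN directives that shape TLS or data-channel security (set chosen for this example).
SECURITY_DIRECTIVES = {"tls-cipher", "tls-version-min", "cipher", "ncp-ciphers",
                       "auth", "tls-auth", "tls-crypt", "remote-cert-tls"}
OPTION_LINE = re.compile(r"^\s*(\d+)\s+\[([^\]]+)\](.*)$")
ARG = re.compile(r"\[([^\]]*)\]")
NO_SHARED = ("no shared cipher", "no TLS ciphersuites in common")

def unused_options(client_log):
    """Return (index, directive, args) for each entry listed under UNUSED OPTIONS."""
    found, in_section = [], False
    for line in client_log.splitlines():
        if line.strip() == "UNUSED OPTIONS":
            in_section = True
        elif in_section:
            m = OPTION_LINE.match(line)
            if not m:  # first non-option line ends the section
                break
            found.append((int(m.group(1)), m.group(2), ARG.findall(m.group(3))))
    return found

def ignored_security_options(client_log):
    """Subset of the unused options that affect negotiated security parameters."""
    return [o for o in unused_options(client_log) if o[1] in SECURITY_DIRECTIVES]

def server_rejected_ciphers(server_log):
    """True if the server log contains a TLS 'no shared cipher' failure."""
    return any(m in line for line in server_log.splitlines() for m in NO_SHARED)

def diagnose(client_log, server_log):
    ignored = ignored_security_options(client_log)
    findings = [f"client did not apply '{' '.join([n] + a)}' (index {i})" for i, n, a in ignored]
    if server_rejected_ciphers(server_log) and any(n == "tls-cipher" for _, n, _ in ignored):
        findings.append("server found no shared TLS ciphersuite; client tls-cipher line was unused")
    return findings

# Log excerpts copied from the post above (addresses already redacted there).
CLIENT_LOG = """UNUSED OPTIONS
4 [resolv-retry] [infinite]
5 [nobind]
11 [tls-cipher] [TLS-DHE-RSA-WITH-AES-256-CBC-SHA]
15 [verb] [3]
EVENT: RESOLVE"""
SERVER_LOG = """ovpn-server[9110]: X.X.X.X:42529 TLS error: The server has no TLS ciphersuites in common with the client. Your --tls-cipher setting might be too restrictive.
ovpn-server[9110]: X.X.X.X:42529 OpenSSL: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher"""

if __name__ == "__main__":
    print("\n".join(diagnose(CLIENT_LOG, SERVER_LOG)))
```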