OpenVPN only supports TLS v1.0
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
openvpn (Ubuntu) | Fix Released | Medium | Unassigned |
Trusty | Confirmed | Medium | Unassigned |
Utopic | Won't Fix | Medium | Unassigned |
Vivid | Won't Fix | Medium | Unassigned |
Bug Description
Hi Guys,
Seems the version of OpenVPN we're carrying only supports and/or is able to negotiate TLS v1.0. The patch below has landed in upstream OpenVPN 2.3.3 and replaces TLSv1_server_
https:/
For example, when OpenVPN tls-ciphers is configured with TLS v1.2 ciphers:
| tls-cipher TLS-ECDHE-
Logs show negotiation at TLS v1.0:
| Oct 26 21:58:47 ragnar ovpn-canonical[
When only TLS v1.1 and/or v1.2 ciphers are specified, sessions fail:
| Oct 26 21:58:29 ragnar ovpn-canonical[
| Oct 26 21:58:29 ragnar ovpn-canonical[
| Oct 26 21:58:29 ragnar ovpn-canonical[
| Oct 26 21:58:31 ragnar ovpn-canonical[
Could we please consider either packaging >= 2.3.3 or backporting this patch?
Thanks,
Haw
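The check described in the report (which protocol version the control channel actually negotiated, and whether handshakes are failing) can be run over syslog output. The following is an added example, not part of the original report or of OpenVPN. The "Control Channel:" and "TLS Error: TLS handshake failed" message shapes are assumed, since the report's own log lines are truncated, and the sample lines and host name are constructed.

```python
import re

# Assumed message shape (not shown in full on this page):
#   "... Control Channel: <protocol>, cipher <family> <suite>, <key info>"
CONTROL = re.compile(r"Control Channel: (?P<proto>\S+), cipher \S+ (?P<suite>[\w-]+)")
FAILED = "TLS Error: TLS handshake failed"
RANK = {"SSLv3": 0, "TLSv1": 1, "TLSv1.1": 2, "TLSv1.2": 3, "TLSv1.3": 4}


def audit(lines, minimum="TLSv1.2"):
    """Return (weak, failures): sessions below `minimum`, and failed handshakes."""
    floor = RANK[minimum]
    weak, failures = [], 0
    for line in lines:
        if FAILED in line:
            failures += 1
            continue
        m = CONTROL.search(line)
        if not m:
            continue
        proto = m.group("proto")
        # An unrecognised protocol string is reported rather than trusted.
        if RANK.get(proto, -1) < floor:
            weak.append({"when": line[:15], "protocol": proto,
                         "suite": m.group("suite")})
    return weak, failures


# Constructed sample lines (hypothetical host "vpn-gw"), not taken from the report.
SAMPLE = [
    "Oct 26 22:10:01 vpn-gw ovpn-server[4021]: 198.51.100.7:41522 "
    "Control Channel: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA",
    "Oct 26 22:11:14 vpn-gw ovpn-server[4021]: 198.51.100.9:50233 "
    "Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA",
    "Oct 26 22:12:40 vpn-gw ovpn-server[4021]: 198.51.100.12:38811 "
    "TLS Error: TLS handshake failed",
    "Oct 26 22:13:05 vpn-gw ovpn-server[4021]: 198.51.100.7:41522 "
    "Initialization Sequence Completed",
]

if __name__ == "__main__":
    weak, failures = audit(SAMPLE)
    for s in weak:
        print(f"{s['when']}  {s['protocol']:8} {s['suite']}")
    print(f"handshake failures: {failures}")
```

A session that reports TLSv1 while only TLS v1.2 suites are configured, or a run of handshake failures after tightening the cipher list, matches the behaviour described in the report.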
description: updated
no longer affects: openvpn (Ubuntu Vivid)
description: updated
tags: added: patch-accepted-upstream
Changed in openvpn (Ubuntu):
importance: Undecided → Medium
Changed in openvpn (Ubuntu Trusty):
importance: Undecided → Medium
Changed in openvpn (Ubuntu Utopic):
importance: Undecided → Medium
Status changed to 'Confirmed' because the bug affects multiple users.