How do I manage the error “OpenSSL v1.1.1 ssl_choose_client_version unsupported protocol”? [closed]

by

You don’t have to downgrade OpenSSL.

With the introduction of openssl version 1.1.1 in Debian the defaults are set to more secure values by default. This is done in the /etc/ssl/openssl.cnf config file. At the end of the file there is:

[system_default_sect]
MinProtocol = TLSv1.2
CipherString = DEFAULT@SECLEVEL=2

Debian now require as minimum the TLS 1.2 version instead TLS 1.0. If the other side does not support TLS 1.2 or higher you will get some connection errors.

I recommend upgrade openvpn on server to newer version which support TLS 1.2..

Second options (not much secure) is modify MinProcotol to TLSv1 or TLSv1.1.

More Related Contents:

  1. How can I transform between the two styles of public key format, one “BEGIN RSA PUBLIC KEY”, the other is “BEGIN PUBLIC KEY”
  2. Differences between “BEGIN RSA PRIVATE KEY” and “BEGIN PRIVATE KEY”
  3. Converting pfx to pem using openssl
  4. CMake not able to find OpenSSL library
  5. Use RSA private key to generate public key? [closed]
  6. Converting PKCS#12 certificate into PEM using OpenSSL
  7. Difference between openSSL rsautl and dgst
  8. Verify a certificate chain using openssl verify
  9. Convert PEM traditional private key to PKCS8 private key
  10. Using OpenSSL what does “unable to write ‘random state'” mean?
  11. Multiple OpenSSL RSA signing methods produce different results
  12. How to extract public key using OpenSSL?
  13. OpenSSL Verify return code: 20 (unable to get local issuer certificate)
  14. Why is Apple Deprecating OpenSSL in MacOS 10.7 (Lion)? [closed]
  15. RSA: Get exponent and modulus given a public key
  16. Correct location of openssl.cnf file
  17. Programmatically Create X509 Certificate using OpenSSL
  18. How to generate an openSSL key using a passphrase from the command line?
  19. Convert pem key to ssh-rsa format
  20. How to save public key from a certificate in .pem format
  21. How to create public and private key with openssl?
  22. How to convert an ECDSA key to PEM format
  23. Unable to load Private Key. (PEM routines:PEM_read_bio:no start line:pem_lib.c:648:Expecting: ANY PRIVATE KEY) [closed]
  24. Creating a .p12 file
  25. How do I get Visual Studio Code to trust our self-signed proxy certificate?
  26. When was TLS 1.2 support added to OpenSSL?
  27. Build OpenVPN with specific OpenSSL version
  28. Cross Compile OpenSSH for ARM
  29. How to make browser trust localhost SSL certificate? [closed]
  30. Digital signature for a file using openssl

Leave a Comment