From: Steffan K. <st...@ka...> - 2016-07-25 09:18:34
Hi,

On Mon, Jul 25, 2016 at 1:46 AM, Yevgeny Kosarzhevsky <ph...@gm...> wrote:
> whenever I enable 'tls-cipher TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384' on
> client and server I get the following error:
>
> TLS_ERROR: BIO read tls_read_plaintext error: error:1408A0C1:SSL
> routines:SSL3_GET_CLIENT_HELLO:no shared cipher
>
> Is there something I missed?
> I have also 'tls-min-version 1.2' on both sides.

This is likely due to the ECDHE part - this is not supported for OpenVPN 2.3 with OpenSSL (it is for PolarSSL). Use DHE instead, or switch to the OpenVPN master branch. The master branch does have ECDH(E) support for OpenSSL too.

-Steffan