summaryrefslogtreecommitdiff
path: root/src/openvpn/crypto_openssl.c
diff options
context:
space:
mode:
authorBernhard Schmidt <berni@debian.org>2019-02-20 14:11:51 +0100
committerBernhard Schmidt <berni@debian.org>2019-02-20 14:11:51 +0100
commit39ddb9cc8281bd239b94a3023da6329edb6718c1 (patch)
treedc6a8e7f1018f59f088c5b06b48eb24efe17f22d /src/openvpn/crypto_openssl.c
parentd5078cc44b8919a25cb7507e9e6da1d66f25bb5b (diff)
parent87356242baf10c8b2a94d9013e436ed2a0dada53 (diff)
Update upstream source from tag 'upstream/2.4.7'
Update to upstream version '2.4.7' with Debian dir d01da6ef78dc8ce91265e8f319468f6c34d23af8
Diffstat (limited to 'src/openvpn/crypto_openssl.c')
-rw-r--r--src/openvpn/crypto_openssl.c11
1 files changed, 10 insertions, 1 deletions
diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c
index eae2b91..71602f3 100644
--- a/src/openvpn/crypto_openssl.c
+++ b/src/openvpn/crypto_openssl.c
@@ -199,7 +199,16 @@ crypto_print_openssl_errors(const unsigned int flags)
"in common with the client. Your --tls-cipher setting might be "
"too restrictive.");
}
-
+ else if (ERR_GET_REASON(err) == SSL_R_UNSUPPORTED_PROTOCOL)
+ {
+ msg(D_CRYPT_ERRORS, "TLS error: Unsupported protocol. This typically "
+ "indicates that client and server have no common TLS version enabled. "
+ "This can be caused by mismatched tls-version-min and tls-version-max "
+ "options on client and server. "
+ "If your OpenVPN client is between v2.3.6 and v2.3.2 try adding "
+ "tls-version-min 1.0 to the client configuration to use TLS 1.0+ "
+ "instead of TLS 1.0 only");
+ }
msg(flags, "OpenSSL: %s", ERR_error_string(err, NULL));
}
}