New upstream version 2.4.7upstream/2.4.7

author: Bernhard Schmidt <berni@debian.org> 2019-02-20 14:11:46 +0100
committer: Bernhard Schmidt <berni@debian.org> 2019-02-20 14:11:46 +0100
commit: 87356242baf10c8b2a94d9013e436ed2a0dada53 (patch)
tree: dd8c5f9774af74c20cdae579ac0f2d352a835e9e /src/openvpn/crypto_openssl.c
parent: 2c8e4bc4f9ab94e4d0b63341820d471af7c28c6c (diff)
1 files changed, 10 insertions, 1 deletions
diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c
index eae2b91..71602f3 100644
--- a/src/openvpn/crypto_openssl.c
+++ b/src/openvpn/crypto_openssl.c
@@ -199,7 +199,16 @@ crypto_print_openssl_errors(const unsigned int flags)
                 "in common with the client. Your --tls-cipher setting might be "
                 "too restrictive.");
         }
-
+        else if (ERR_GET_REASON(err) == SSL_R_UNSUPPORTED_PROTOCOL)
+        {
+            msg(D_CRYPT_ERRORS, "TLS error: Unsupported protocol. This typically "
+                 "indicates that client and server have no common TLS version enabled. "
+                 "This can be caused by mismatched tls-version-min and tls-version-max "
+                 "options on client and server. "
+                 "If your OpenVPN client is between v2.3.6 and v2.3.2 try adding "
+                 "tls-version-min 1.0 to the client configuration to use TLS 1.0+ "
+                 "instead of TLS 1.0 only");
+        }
         msg(flags, "OpenSSL: %s", ERR_error_string(err, NULL));
     }
 }
author	Bernhard Schmidt <berni@debian.org>	2019-02-20 14:11:46 +0100
committer	Bernhard Schmidt <berni@debian.org>	2019-02-20 14:11:46 +0100
commit	87356242baf10c8b2a94d9013e436ed2a0dada53 (patch)
tree	dd8c5f9774af74c20cdae579ac0f2d352a835e9e /src/openvpn/crypto_openssl.c
parent	2c8e4bc4f9ab94e4d0b63341820d471af7c28c6c (diff)