On Monday, 20 April 2020 16:28:03 CEST wrote:
> Hello Arne,
>
> On Mon, 20 Apr 2020 15:01:27 +0200 Arne Schwabe <a...@rfc2549.org> wrote:
> > Hey,
> >
> > OpenVPN developer here.
> >
> > From this output in the original bug report:
> > > Mon Apr 20 11:02:29 2020 OpenSSL: error:14187180:SSL routines:ssl_do_config:bad value
> > > Mon Apr 20 11:02:29 2020 OpenSSL: error:0909006C:PEM routines:get_name:no start line
> >
> > it looks like there is still an error on the OpenSSL error stack that we
> > have not cleared/etc. And since our certificate loading got a little bit
> > stricter in OpenVPN 2.4.9, we now stumble upon this.
> >
> > The ssl_do_config error sounds like there is something in the (system
> > wide) OpenSSL configuration that upsets OpenSSL and triggers the error.
> > Could you attach your /etc/ssl/openssl.cnf so I can try to reproduce that
> > bug?
>
> I am attaching my /etc/ssl/openssl.cnf (if for some reason it fails, I will
> paste the contents instead). As far as I know, this is the default
> /etc/ssl/openssl.cnf file that comes with Debian, except the "MinProtocol"
> parameter, which I had to change for one specific VPN to work (it was using
> TLSv1.0 instead of TLSv1.2).

It seems that the culprit is the (non-default) setting MinProtocol = TLSv1.0, which I had to modify to be able to use a specific VPN server. Changing the value to "MinProtocol = TLSv1.2" does not produce the error anymore.

> >
> > Arne
>
> Best Regards,
> Jonas.

Jonas.
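
Added example, not part of the thread: `ssl_do_config` raises `bad value` when a command in the system-wide SSL configuration section carries a value OpenSSL does not accept, so linting the `MinProtocol`/`MaxProtocol` lines of `openssl.cnf` narrows this kind of failure down. The accepted names are taken from the SSL_CONF_cmd(3) manual page; the sample file, the function name `check_protocol_bounds` and the "weak" policy are assumptions of this example.

```python
import re

# Values accepted for MinProtocol/MaxProtocol per the SSL_CONF_cmd(3) manual page.
ACCEPTED = {"None", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3",
            "DTLSv1", "DTLSv1.2"}
# Floors below TLS 1.2 are reported as weak (policy assumption of this example).
WEAK = {"None", "SSLv3", "TLSv1", "TLSv1.1", "DTLSv1"}

# Constructed sample modelled on the setting described in the thread.
SAMPLE_CNF = """\
openssl_conf = default_conf

[default_conf]
ssl_conf = ssl_sect

[ssl_sect]
system_default = system_default_sect

[system_default_sect]
MinProtocol = TLSv1.0   # edited by hand
CipherString = DEFAULT@SECLEVEL=2
"""

def check_protocol_bounds(cnf_text):
    """Return (line_no, section, key, value, verdict) for each Min/MaxProtocol line."""
    findings, section = [], "default"
    for no, raw in enumerate(cnf_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments and padding
        if not line:
            continue
        header = re.fullmatch(r"\[\s*(\S+)\s*\]", line)
        if header:
            section = header.group(1)
            continue
        key, sep, value = (part.strip() for part in line.partition("="))
        if not sep or key.lower() not in ("minprotocol", "maxprotocol"):
            continue
        if value not in ACCEPTED:
            verdict = "invalid"                  # OpenSSL rejects the value
        elif key.lower() == "minprotocol" and value in WEAK:
            verdict = "weak"                     # parses, but lowers the floor
        else:
            verdict = "ok"
        findings.append((no, section, key, value, verdict))
    return findings

if __name__ == "__main__":
    for finding in check_protocol_bounds(SAMPLE_CNF):
        print("line %d [%s] %s = %s -> %s" % finding)
```

If an old peer forces a lower floor, an accepted name keeps the file parseable, and a per-application configuration section limits the downgrade to that one client instead of every OpenSSL user on the host.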