Hi, I am trying to set up an OpenVPN server on an AC68 with Merlin 378.56 that uses tls-cipher TLS-ECDHE-ECDSA-category (such as TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256).
When I list it in the server option, the server starts fine but gives out the following error when a client tries to connect to it.
TLS: Initial packet from [AF_INET] IPport sid=76bde0df 30689078
Oct 31 18:48:23 openvpn[1417]: IPort TLS_ERROR: BIO read tls_read_plaintext error: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher
Oct 31 18:48:23 openvpn[1417]: IPport TLS Error: TLS object -> incoming plaintext read error
Oct 31 18:48:23 openvpn[1417]: IPport TLS Error: TLS handshake failed
All CA, Server, and Client certs & keys are generated by easyrsa3 with EC and secp384r1.
The VPN client is 2.3.8 on Windows.
So far, the highest tls-cipher I can pair up the server and client with is DHE-RSA-AES256-GCM-SHA384 with RSA.
Is ECDHE/ECDSA supported so far? Based on my reading, it should work for the TLS handshake part.