Closed MiltonLai closed 4 years ago
I have solved this problem according to this post https://blog.surgut.co.uk/2019/08/how-to-disable-tls-10-and-tls-11-on.html The change is (for Ubuntu 20.04 only, I didn't test it in other distribution): Edit /etc/ssl/openssl.cnf , find this line
oid_section = new_oids
Add the following lines right below the above line
openssl_conf = default_conf
[default_conf]
ssl_conf = ssl_sect
[ssl_sect]
system_default = system_default_sect
[system_default_sect]
MinProtocol = TLSv1.1
CipherString = DEFAULT@SECLEVEL=1
This won't make any change to the output of openssl version -a
, but the error error:1425F102:SSL
no long shows. In my case I also need to uncheck the "Insecure SSL" option.
Thanks, will close this issue now.
This solution doesn't work on 0.9.0-3_amd64_focal.
I installed 0.9.0-3 today in a newly installed Ubuntu20.04, I got the same protocol issue, but this time I tried all methods with no luck. The connections always failed with "1425F102:SSL routines:ssl_choose_client_version:unsupported protocol".
Finally I had to install 99.9.1057-1 instead.
Don't works too with Linux Mint 20.1 and openfortigui 0.9.4-1_amd64_focal Same error.
I installed the dev version(openfortigui_99.9.1057-1_amd64_focal.deb) in a newly installed Ubuntu20.04 and got the following errors when trying to connect to the server:
If I check the "Insecure SSL" option, then the error becomes
I googled and found this may be related with the OpenSSL version(link), but I didn't find where to set the MinProtocol option
The vpn server is maintained by other company so server upgrade is not an option, is there any way to make openfortigui work with old SSL version?
Thanks!