OPNsense Forum

English Forums => General Discussion => Topic started by: john on January 27, 2020, 07:34:33 pm

Title: OpenVPN, Peer to Peer, SSL/TLS enabled with secp521r1 certs won't work
Post by: john on January 27, 2020, 07:34:33 pm
Hello

Given a `self-signed CA cert` and a `self-signed cert` using `secp521r1`, a `Peer to Peer (SSL/TLS)` setup with `AES-256-GCM` and `TLS Authentication` enabled gives the following error messages:

```sh
TLS Error: TLS handshake failed
TLS Error: TLS object -> incoming plaintext read error
TLS_ERROR: BIO read tls_read_plaintext error
OpenSSL: error:140270C1:SSL routines:ACCEPT_SR_CLNT_HELLO_C:no shared cipher
TLS error: The server has no TLS ciphersuites in common with the client. Your --tls-cipher setting might be too restrictive.
```

A `Remote Access (SSL/TLS)` with the same pair of certs with `secp521r1` and `AES-256-GCM` and `TLS Authentication` enabled works.

Maybe someone can help me with this, or explain whether my combination of `TLS Authentication` and `Encryption algorithm` may not work for EC certs using `secp521r1` and Peer to Peer?
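The `no shared cipher` line in the log above is raised by the OpenSSL server side while processing the ClientHello: it means that no suite offered by the client can be used with the server's own certificate key type under the server's allowed cipher list. In TLS 1.2 the suite name fixes the authentication key type, so a `TLS-ECDHE-RSA-*` suite can never be selected when the server certificate is ECDSA (secp521r1 included), whereas `TLS-ECDHE-ECDSA-*` can. Whether that is what happens in this OPNsense setup depends on the `tls-cipher` list the Peer to Peer profile ends up with, which the post does not show. The following added example (not from the thread, OPNsense or OpenVPN) reproduces the symptom with Go's `crypto/tls` instead of OpenSSL: it issues a secp521r1 CA and a secp521r1 leaf, then runs a TLS 1.2 handshake over an in-memory pipe twice, once with the server restricted to an ECDHE-RSA suite (fails, the Go analogue of `no shared cipher`) and once with an ECDHE-ECDSA suite (succeeds). All names (`peer`, `test-ca`) are made up for the demo.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// newP521Cert issues a secp521r1 (NIST P-521) certificate. With parent == nil the
// certificate is self-signed (our CA); otherwise it is signed by parent/parentKey.
func newP521Cert(cn string, isCA bool, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P521(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 64))
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          serial,
		Subject:               pkix.Name{CommonName: cn},
		DNSNames:              []string{cn}, // SAN so the client can verify ServerName
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  isCA,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageDigitalSignature,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// issueTestPKI builds the two-level secp521r1 PKI from the post: a CA and a leaf "peer".
func issueTestPKI() (*x509.Certificate, tls.Certificate, error) {
	ca, caKey, err := newP521Cert("test-ca", true, nil, nil)
	if err != nil {
		return nil, tls.Certificate{}, err
	}
	leaf, leafKey, err := newP521Cert("peer", false, ca, caKey)
	if err != nil {
		return nil, tls.Certificate{}, err
	}
	return ca, tls.Certificate{Certificate: [][]byte{leaf.Raw, ca.Raw}, PrivateKey: leafKey, Leaf: leaf}, nil
}

// handshake runs one TLS 1.2 handshake over net.Pipe with the server limited to
// the given suites. It returns the negotiated suite name or the handshake error.
func handshake(ca *x509.Certificate, leaf tls.Certificate, suites []uint16) (string, error) {
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	// TLS 1.3 suites are key-type agnostic, so pin TLS 1.2 to reproduce the OpenVPN symptom.
	srvCfg := &tls.Config{Certificates: []tls.Certificate{leaf}, CipherSuites: suites,
		MinVersion: tls.VersionTLS12, MaxVersion: tls.VersionTLS12}
	cliCfg := &tls.Config{RootCAs: roots, ServerName: "peer",
		MinVersion: tls.VersionTLS12, MaxVersion: tls.VersionTLS12}

	cRaw, sRaw := net.Pipe() // synchronous in-memory connection, no sockets needed
	defer cRaw.Close()
	defer sRaw.Close()
	deadline := time.Now().Add(10 * time.Second)
	cRaw.SetDeadline(deadline)
	sRaw.SetDeadline(deadline)

	srvErr := make(chan error, 1)
	go func() { srvErr <- tls.Server(sRaw, srvCfg).Handshake() }()
	cli := tls.Client(cRaw, cliCfg)
	cliErr := cli.Handshake()
	if cliErr != nil {
		cRaw.Close() // unblock the server side if the client gave up first
	}
	if err := <-srvErr; err != nil {
		return "", fmt.Errorf("server: %w", err)
	}
	if cliErr != nil {
		return "", fmt.Errorf("client: %w", cliErr)
	}
	return tls.CipherSuiteName(cli.ConnectionState().CipherSuite), nil
}

func main() {
	ca, leaf, err := issueTestPKI()
	if err != nil {
		panic(err)
	}
	for _, s := range []uint16{tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384} {
		name, err := handshake(ca, leaf, []uint16{s})
		fmt.Printf("server allows %s -> negotiated=%q err=%v\n", tls.CipherSuiteName(s), name, err)
	}
}
```

The first run fails on the server side with Go's "no cipher suite supported by both client and server", the counterpart of OpenSSL's `no shared cipher`; the second negotiates `TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384` with the very same secp521r1 certificate. The practical check on the OpenVPN side is therefore to compare the effective `tls-cipher` list of the Peer to Peer instance against the key type of the server certificate, not the data-channel `AES-256-GCM` setting, which plays no part in the TLS control-channel handshake.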