A remote admin sent me certificates and a config for connecting to his OpenVPN server. The config says:
tls-cipher TLS-RSA-WITH-AES-256-CBC-SHA
And these are the ciphers available on my side:
# openvpn --show-tls
Available TLS Ciphers,
listed in order of preference:
TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384
TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384
TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384
TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384
TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA
TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA
TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
TLS-DHE-RSA-WITH-AES-256-CBC-SHA256
TLS-DHE-RSA-WITH-AES-256-CBC-SHA
TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA
TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256
TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256
TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256
TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA
TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA
TLS-DHE-RSA-WITH-AES-128-GCM-SHA256
TLS-DHE-RSA-WITH-AES-128-CBC-SHA256
TLS-DHE-RSA-WITH-AES-128-CBC-SHA
TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA
So all of mine use Diffie-Hellman, and his is without it.
Does that mean I won't be able to connect to this server?
In case it matters, the error on connect is the following:
OpenVPN 2.4.0 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jul 18 2017
library versions: OpenSSL 1.0.2l 25 May 2017, LZO 2.08
WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
TCP/UDP: Preserving recently used remote address: [AF_INET]4.2.7.7:31194
Socket Buffers: R=[87380->87380] S=[16384->16384]
Attempting to establish TCP connection with [AF_INET]4.2.7.7:31194 [nonblock]
TCP connection established with [AF_INET]4.2.7.7:31194
TCP_CLIENT link local: (not bound)
TCP_CLIENT link remote: [AF_INET]4.2.7.7:31194
TLS: Initial packet from [AF_INET]4.2.7.7:31194, sid=16e1f634 e0862fb3
VERIFY OK: depth=1, C=RU, ST=NW, L=Saint-Petersburg, O=Farwater, CN=FarwaterCA
Validating certificate key usage
++ Certificate has key usage 00a8, expects 00a0
++ Certificate has key usage 00a8, expects 0088
VERIFY KU ERROR
OpenSSL: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
TLS_ERROR: BIO read tls_read_plaintext error
TLS Error: TLS object -> incoming plaintext read error
TLS Error: TLS handshake failed
Fatal TLS error (check_tls_errors_co), restarting
SIGUSR1[soft,tls-error] received, process restarting
Restart pause, 5 second(s)
[message edited by moderator]
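
The log above stops at VERIFY KU ERROR after two "Certificate has key usage 00a8, expects ..." lines. The following is an added example, not part of the original post, that decodes those hex masks into X.509 key-usage names and shows which bits the certificate carries beyond each expected value. It assumes the mask follows the X.509 KeyUsage bit order with digitalSignature as 0x80; the function names are hypothetical.

```python
import re

# X.509 KeyUsage bits (RFC 5280 order) in the low octet of the hex mask.
# Assumption: digitalSignature is 0x80; decipherOnly (second octet) is not decoded.
KU_BITS = {
    0x80: "digitalSignature",
    0x40: "nonRepudiation",
    0x20: "keyEncipherment",
    0x10: "dataEncipherment",
    0x08: "keyAgreement",
    0x04: "keyCertSign",
    0x02: "cRLSign",
    0x01: "encipherOnly",
}

KU_LINE = re.compile(
    r"Certificate has key usage\s+([0-9a-fA-F]{4}), expects ([0-9a-fA-F]{4})"
)

def decode_ku(mask):
    """Return the key-usage names set in a numeric mask."""
    return [name for bit, name in KU_BITS.items() if mask & bit]

def analyse(log_text):
    """Compare every 'has key usage X, expects Y' pair found in the log."""
    findings = []
    for m in KU_LINE.finditer(log_text):
        have, want = int(m.group(1), 16), int(m.group(2), 16)
        findings.append({
            "have": decode_ku(have),
            "want": decode_ku(want),
            "exact_match": have == want,              # strict equality
            "covers_expected": have & want == want,   # expected bits all present
            "extra": decode_ku(have & ~want),         # bits beyond the expected set
        })
    return findings

# Lines copied from the log in the post above.
SAMPLE_LOG = """\
Validating certificate key usage
++ Certificate has key usage 00a8, expects 00a0
++ Certificate has key usage 00a8, expects 0088
VERIFY KU ERROR
"""

if __name__ == "__main__":
    for f in analyse(SAMPLE_LOG):
        print(f)
```
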