I am using Red Hat 8 (rhel8), my home router is Asus AC5300 running OpenVPN server. But my rhel8 VPN in Network Manager can't not connect to my OpenVPN Server.
Here is the error message I got:
[root#my-machine ~]# journalctl -f
nm-openvpn[30404]: TLS error: Unsupported protocol. This typically indicates that client and server have no common TLS version enabled. This can be caused by mismatched tls-version-min and tls-version-max options on client and server. If your OpenVPN client is between v2.3.6 and v2.3.2 try adding tls-version-min 1.0 to the client configuration to use TLS 1.0+ instead of TLS 1.0 only
[root#my-machine ~]# openvpn --version
OpenVPN 2.4.7 x86_64-redhat-linux-gnu
I've tried by adding tls-version-min 1.0 to my .ovpn file but still not working.
Note: In Linux Ubuntu it is working just fine, BUT not Red Hat 8
seems you have a problem with TLS ... take a look to this checks , maybe have to take a look SSL certificates:
Check for Certificate Name Mismatch
In this particular instance, the customer migrating to Kinsta had a certificate name mismatch which was throwing up the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error. As you can see from the SSL Labs test below, this is pretty quick and easy to diagnose. As SSL Labs states, a mismatch can be a number of things such as:
The site does not use SSL, but shares an IP address with some other site that does.
The site no longer exists, yet the domain still points to the old IP address, where some other site is now hosted.
The site uses a content delivery network (CDN) that doesn’t support SSL.
The domain name alias is for a website whose name is different, but the alias was not included in the certificate.
Certificate name mismatch
Another easy way to check the current domain name issue on the certificate is to open up Chrome DevTools on the site. Right-click anywhere on the website and click on “Inspect.” Then click on the security tab and click on “View certificate.” The issued domain will show in the certificate information. If this doesn’t match the current site you’re on, this is a problem.
Check issued domain on SSL certificate
Check issued domain on SSL certificate
Remember though, there are wildcard certificates and other variations, but for a typical site, it should match exactly. However, in our case, the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error actually prevented us from being able to check it in Chrome DevTools. That is where a tool like SSL Labs can come in handy.
Check for Old TLS version
Another possible reason is that the TLS version running on the web server is old. Ideally, it should be running at least TLS 1.2 (better yet, TLS 1.3). If you are a Kinsta customer you never have to worry about this as we always upgrade our servers to the latest and greatest supported versions. Kinsta supports TLS 1.3 on all of our servers and our Kinsta CDN. Cloudflare also enables TLS 1.3 by default.
(Suggested reading: if you’re using legacy TLS versions, you might want to fix ERR_SSL_OBSOLETE_VERSION Notifications in Chrome).
This is something the SSL Labs tool can also help with. Under configuration, it will show you the current version of TLS running on the server with that certificate. If it is old, reach out to your host and ask them to update their TLS version.
TLS 1.3 server support
TLS 1.3 server support
Check RC4 Cipher Suite
Another reason according to Google’s documentation for ERR_SSL_VERSION_OR_CIPHER_MISMATCH is that the RC4 cipher suite was removed in Chrome version 48. This is not very common, but it could happen in say larger enterprise deployments that require RC4. Why? Because everything usually takes longer to upgrade and update in bigger and more complex configurations.
Security researchers, Google, and Microsoft recommend that RC4 be disabled. So you should make sure the server configuration is enabled with a different cipher suite. You can view the current cipher suite in the SSL Labs tool (as seen below).
Cipher suite
Cipher suite
Try Clearing the SSL State On Your Computer
Another thing to try is clearing the SSL state in Chrome. Just like clearing your browser’s cache this can sometimes help if things get out of sync. To clear the SSL state in Chrome on Windows, follow these steps:
Click the Google Chrome – Settings icon (Settings) icon, and then click Settings.
Click Show advanced settings.
Under Network, click Change proxy settings. The Internet Properties dialog box appears.
Click the Content tab.
Click “Clear SSL state”, and then click OK.
Restart Chrome.
Clear SSL state in Chrome on Windows
Clear SSL state in Chrome on Windows
If you are on a Mac, see these instructions on how to delete an SSL certificate.
Use a New Operating System
Older operating systems fall out of date with newer technologies such as TLS 1.3 and the latest cipher suites as browsers stop supporting them. Specific components in the latest SSL certs will simply stop working. Google Chrome, in fact, pulled the plug on Windows XP back in 2015. We always recommend upgrading to newer operating systems if possible, such as Windows 10 or the latest version of Mac OS X.
Temporary Disable Antivirus
The last thing we recommend trying if you are still seeing the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error is to ensure you don’t have an antivirus program running. Or try temporarily disabling it. Some antivirus programs create a layer between your browser and the web with their own certificates. This can sometimes cause issues.
Related
I am developing an application that needs to be delivered as following:
PWA application server(Host app/IIS) is installed in the local network
PWA should support offline
Domain SSL not possible on the server as it's not a domain
Un attended installation
No configuration should be forced on the client machine, to change chrome settings etc.
I have tried:
Running from VS, Only works on same machine by design
Published to IIS and tried, works ok on the same machine. Offline does not work on mobile
Self sign SSL is not helping, Offline does not work
One option I found is to host it on our server on the internet, after installation access data from intranet server. Not yet tried this.
Looks like it is impossible to deploy PWA as intranet application with self-sign SSL. Am I missing something ?
Is there a way to automate deployment of PWA with self-sign that supports offline working?
To install Mongo DB I can see two versions of installer one with SSL & other as without SSL.
https://www.mongodb.com/download-center?jmp=nav#community
My question is if I download with SSL installer & do not configure SSL then doesn't it same as without SSL installer. What is the need of without SSL installer at first place? Is there anything specific feature which comes in Without SSL installer?
I use Monggo DB in my application but not sure which one I should recommend to my customers as I have mix set of customers who want with/without SSL.
Atul
The difference between the SSL-included version running without SSL enabled, and the SSL-excluded version, is that the version without SSL does not have the SSL libraries even present. If you are concerned about security flaws in OpenSSL, for example, then maybe you should use the version compiled without SSL.
On GitHub Desktop (I use it on Windows), I have had this error over the last few days:
My Internet connection seems to work fine though. What could cause the issue?
Is your internet connection goes through firewall/proxy server. I found that GitHub Windows client is only reliably works when no proxy enabled. Being windows (.NET to be precise) application it takes proxy settings as they defined in Internet Explorer connection settings. Meanwhile, Git itself, which GitHub Windows client desktop application simply uses via command prompt, is governed by http and https proxy settings in .gitconfig file or environment variables. This discrepancy makes it quite sophisticated to setup.
What's interesting, is that desktop app was working the first time I installed it fresh (never had it on this Windows), but it wasn't able to connect to GitHub. Then I started to fiddle with --global http/https settings and I broke the app. Now, even uninstalling and installing it back again, I still have connectivity issues, as it seems to remember settings somewhere, as it doesn't prompt me with welcome screen and does remember my name.
Worth to mention, that even if the app complains about connection, I can clone the repo with it.
This worked for me:
In Internet Explorer: Tools/Internet Options/Connections/LAN Settings
Uncheck "Use a Proxy server..."
Restart GitHub.
You might also be able to disable the Proxy Server via Edge. In my case, I found that after turning it off in IE, it was off in Edge also.
Edit: I also had to update the GitHub application in order to be able to clone to my local repository.
Run FiddlerCap
Check Decrypt HTTPS traffic
Click OK for the dialog warning
Start/Stop/Save Capture
View in fiddler and am only seeing the CONNECT requests.
Any ideas? I've not had this issue before - now experiencing it on two separate pc's (Windows 7).
FiddlerCap was briefly bundled with an outdated version of makecert.exe (39kb) that caused this problem. I've fixed it for FiddlerCap v2.4.9.7 by updating makecert.exe to the latest (55kb), but on Windows 7 with the older build, you may be able to workaround this by simply deleting makecert.exe from the application's installation folder.
I'm currently implementing the Class 2 WebDAV server on my company's MVC / noSQL web app. I'm developing it locally on my machine using visual studio 2013, IIS 8.5, Windows 8.1 and word 365. The documents are stored in the noSQL database.
I've managed to get it working in the past, however recently word refuses to connect to the WebDAV server. When I click the document link it open word and the following error appears:
{ correct web address} cannot connect to server.
I have used your built in logging tool and fiddler to see if any requests are made to the server and there are none.
Are there any steps or suggestion you can make to help me debug this problem.
After reading the documentation a few times and trial and error I found that word was caching in the registry. I followed the instructions and rebuilt my project and it seems to have worked.
http://www.webdavsystem.com/server/documentation/ms_office_read_only
Clear Microsoft Office WebDAV cache in registry. Microsoft Office reads WebDAV server options when connecting to server first time and stores them for later use. If your server settings has changed during development (or you just fixed some server issues) you may need to delete this settings. The Microsoft Office WebDAV cache is stored under the key:
HKEY_CURRENT_USER\Software\Microsoft\Office\\Common\Internet\Server Cache\
To clear cache just delete all keys under this key. In a development environment we suggest always clearing the cache if your WebDAV server class has changed or after authentication scheme has changed. As an alternative to deleting cache, you can just reconfigure your server to run on a different port.
Note that in production environment usually you do not need to clear this cache or change port as soon as you server settings do not change often while Microsoft Office will re-request server options after some time.
As soon as your code worked in the past and now stopped working I guess that the trial period, which is 1 month, of IT Hit WebDAV Ajax Library has ended. Are there any errors in the web browser console? To start a new trial period just redownload it here.