From 930141b423744f9269a8ad1aebf3c4ffb2e60ae5 Mon Sep 17 00:00:00 2001
From: Kali Kaneko <kali@leap.se>
Date: Wed, 30 Jan 2019 18:58:58 +0100
Subject: [bug] allow tls 1.0 as a workaround for buster/sid

in systems with newer openssl, tls 1.0 has been disabled.
however, this breaks the ability of a client in a newer system to
connect with the openvpn servers on providers that are still on stretch.

platform needs to be upgraded.

-Related: https://0xacab.org/leap/bitmask-vpn/issues/105
---
 src/leap/bitmask/vpn/helpers/linux/bitmask-root | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/leap/bitmask/vpn/helpers/linux/bitmask-root b/src/leap/bitmask/vpn/helpers/linux/bitmask-root
index dad5247e..52c1838b 100755
--- a/src/leap/bitmask/vpn/helpers/linux/bitmask-root
+++ b/src/leap/bitmask/vpn/helpers/linux/bitmask-root
@@ -123,6 +123,7 @@ FIXED_FLAGS = [
     "--user", "nobody",
     "--persist-key",
     "--persist-local-ip",
+    "--tls-version-min", "1.0",
 ]
 
 if OPENVPN_GROUP is not None:
-- 
cgit v1.2.3