From 3c57a988b0088e953a8b623941c2d3a91dbcca6a Mon Sep 17 00:00:00 2001
From: "Kali Kaneko (leap communications)" <kali@leap.se>
Date: Thu, 24 Jan 2019 19:29:02 +0100
Subject: [bug] allow tls 1.0 as a workaround for buster/sid

in systems with newer openssl, tls 1.0 has been disabled.
however, this breaks the ability of a client in a newer system to
connect with the openvpn servers on providers that are still on stretch.

platform needs to be upgraded.

-Related: #105
---
 pkg/helper/args.go | 1 +
 1 file changed, 1 insertion(+)

(limited to 'pkg')

diff --git a/pkg/helper/args.go b/pkg/helper/args.go
index d6b3bb4..1a5bd3b 100644
--- a/pkg/helper/args.go
+++ b/pkg/helper/args.go
@@ -23,6 +23,7 @@ var (
 		"--remote-cert-tls", "server",
 		"--dhcp-option", "DNS", nameserver,
 		"--log", LogFolder + "openvpn.log",
+		"--tls-version-min", "1.0",
 	}
 
 	allowendArgs = map[string][]string{
-- 
cgit v1.2.3