On 06.03.2013 15:38, Bernhard Schmidt wrote:

FWIW, this sounds similar to

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701868
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1133333

which is also a regression from 1.0.1c to 1.0.1e, but the processor I have is definitely not AES-NI capable and the workaround described in the bug report does not fix it.

> Hello,
>
> both openconnect 3.20 and 4.99 from Debian (Wheezy/Experimental) fail
> DTLS when libssl has been upgraded to version 1.0.1e. Both work just
> fine when libssl is downgraded to 1.0.1c (the previous version).
>
> libssl 1.0.1c:
> Connected tun0 as 129.187.49.1 + 2001:4ca0:0:f03a::1, using SSL
> Established DTLS connection (using OpenSSL)
>
> libssl 1.0.1e:
> Connected tun0 as 129.187.49.3 + 2001:4ca0:0:f03a::3, using SSL
> DTLS handshake failed: 2
> DTLS handshake failed: 1
> 140659643750056:error:14102410:SSL routines:DTLS1_READ_BYTES:sslv3 alert handshake failure:d1_pkt.c:1166:SSL alert number 40
>
> The problem can be consistently reproduced by just upgrading libssl.
>
> A colleague has the same problem with the same workaround on MacOS X
> with MacPorts, so this is most likely an upstream issue.
>
> Is this a known issue? Any idea how to work around?
>
> Bernhard