On Mon, Apr 28, 2014 at 8:08 AM, Erinn Looney-Triggs <erinn.looneytriggs at gmail.com> wrote: > I am guessing that this has to do with their upgrade to openssl > 1.0.1e, but that is just a guess, tried with 5.99 and 5.01 on Fedora 20. openssl 1.0.1e does require a patch. "configure" should have complained with an error like this: checking for OPENSSL... yes OpenSSL> checking for known-broken versions of OpenSSL... yes configure: error: This version of OpenSSL is known to be broken with Cisco DTLS. See http://rt.openssl.org/Ticket/Display.html?id=2984&user=guest&pass=guest Add --without-openssl-version-check to configure args to avoid this check, or perhaps consider building with GnuTLS instead. I believe the ASA side is using the old 1.0.0 branch. Do you see a sensitivity to certain ASA firmware versions, or did you only test 9.2.1? > - From the stdout: > received server terminate packet > Send BYE packet: Server request Could you please send the full output from running "openconnect -v --timestamp HOSTNAME" using 5.99? Thanks
