-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 04/28/2014 10:04 AM, Kevin Cernekee wrote: > On Mon, Apr 28, 2014 at 8:08 AM, Erinn Looney-Triggs > <erinn.looneytriggs at gmail.com> wrote: >> I am guessing that this has to do with their upgrade to openssl >> 1.0.1e, but that is just a guess, tried with 5.99 and 5.01 on >> Fedora 20. > > openssl 1.0.1e does require a patch. "configure" should have > complained with an error like this: > > checking for OPENSSL... yes OpenSSL> checking for known-broken > versions of OpenSSL... yes configure: error: This version of > OpenSSL is known to be broken with Cisco DTLS. See > http://rt.openssl.org/Ticket/Display.html?id=2984&user=guest&pass=guest > > Add --without-openssl-version-check to configure args to avoid this check, or > perhaps consider building with GnuTLS instead. > > I believe the ASA side is using the old 1.0.0 branch. Do you see > a sensitivity to certain ASA firmware versions, or did you only > test 9.2.1? > >> - From the stdout: received server terminate packet Send BYE >> packet: Server request > > Could you please send the full output from running "openconnect -v > --timestamp HOSTNAME" using 5.99? > > Thanks > I am sorry I should have been clearer, the ASA software is now using openssl 1.0.1e according to Cisco's release notes. Anyway, like a puff of smoke in the wind the problem just up and disappeared on me. So it looks like the problem must be on my client end somewhere. 5.99 seems to be working just fine against ASA software 9.2.1. Thanks for the response and sorry for the noise, - -Erinn -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBCAAGBQJTXn4iAAoJEFg7BmJL2iPOamEIALtQKQq3zwBNzM+tdkhBEnAf 7R8EzPQ5Yhv+nRz3nBE24FBGRk2p0CxgjjyfYR9vd0VviH7/FQHmgid7n5NeZYy+ 3LesII01+gfV9fUpnEhj1XOSLWd3tCOxR4wfNdgmxtGBLNr+FXAluZuLLtGTo1SG R0mhshtDFm4gziZW99JMoyIKaJhKPSHTAsmGK4sYeAul3LRJH7EoSb4wiD40Px/D C/QHvrofauB5GefrkEjxfclH6XlZN7ViETzXj8l3oZ3L6/wAff/Y0TeZIm3liemr kgc2i0e3OXBsKq5pkrVcffn08dkqzotVdEBHmvdL2rxNL8aehSgcObBOTSiheeY= =vrmY -----END PGP SIGNATURE-----
