By reading gnutls.c I have the following fixes. A question is whether the DISABLE_SAFE_RENEGOTIATION flag is intentional. I see that I copied that to ocserv, but as far as I know this has no interoperability issues, and using it makes known attacks apply to openconnect.

regards,
Nikos

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-remove-the-disable-safe-renegotiation-flag-from-DTLS.patch
Type: text/plain-diff
Size: 1954 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20141027/d5a8e9c4/attachment.bin>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0003-corrected-gnutls-version-number-check.patch
Type: text/plain-diff
Size: 819 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20141027/d5a8e9c4/attachment-0001.bin>