I'm not sure about other people use-cases, but I've used Openconnect with LibreSSL for about a year and couldn't really complain, although I use it only for remote work. I use GnuTLS-based Openconnect on other computer with different OS and don't really see the difference in performance. I really don't know other people's opinions but if you ask me, sure make it build. You could openly state in next release's release notes that it works, but may be slow (and you recommend GnuTLS), so that you don't get next mails from other people using LibreSSL and saying it's slow :) On 08/31/16 08:15 PM, David Woodhouse wrote: > On Wed, 2016-08-31 at 20:01 +0200, Piotr Kubaj wrote: >> >> When connecting I get: >> SSL_set_session() failed with old protocol version 0x100 >> Are you using a version of OpenSSL older than 0.9.8m? >> See http://rt.openssl.org/Ticket/Display.html?id=1751 >> Use the --no-dtls command line option to avoid this message >> Set up DTLS failed; using SSL instead >> >> which is harmless > > It isn't harmless. It means you are using TCP over TCP, and your UDP > transport is broken. The performance is going to suck if you see any > packet loss on the Internet between you and the server. > > I can make it build if you really want, but I *really* don't want > anyone actually *using* it like this. People should build against > OpenSSL or GnuTLS instead, unless we can fix LibreSSL. > -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 801 bytes Desc: OpenPGP digital signature URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20160831/8416424d/attachment.sig>
