SSL read error: Success

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, May 17, 2017 at 10:59 PM, Yuri <me at koshaq.net> wrote:
> Hi there.
>
> We're using openconnect 7.08 on Arch Linux and the server is running ocserv.
> Server:
>
> Debian jessie, ocserv 0.11.6
> I noticed that when I connect from this particular Arch machine, DTLS
> wouldn't work. I also tried recompiling openconnect with OpenSSL, but
> ultimately I see the same output at the server. Connecting without
> DTLS works fine, though.

[...]

> And on the server I see:
> May 17 15:00:38 test-vpngw02 ocserv[1914]: worker[username]:
> IP.ADD.RE.SS worker-vpn.c:236: could not set TLS priority:
> 'NORMAL:%SERVER_PRECEDENCE:%COMPAT:-VERS-SSL3.0:-VERS-ALL:-KX-ALL:+PSK:+VERS-DTLS-ALL':
> The request is invalid.

As indicated above, the error is on the server. My guess is that if
jessie is on 3.3.8 the -VERS-ALL is not available, and that's why it
complains.
You can verify by checking the output of:
gnutls-cli -l --priority
'NORMAL:%SERVER_PRECEDENCE:%COMPAT:-VERS-SSL3.0:-VERS-ALL:-KX-ALL:+PSK:+VERS-DTLS-ALL'


regards,
Nikos



[Index of Archives]     [Linux Samsung SoC]     [Linux Rockchip SoC]     [Linux Actions SoC]     [Linux for Synopsys ARC Processors]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]


  Powered by Linux