On 2018-07-18 05:45:48, Nikos Mavrogiannopoulos wrote:
> You cannot with the current ocserv as it doesn't support anything but
> aes-128 or 3des for compatibility with anyconnect. You could try a
> patch like the one below if AES256-SHA is supported by anyconnect. If
> that works for you, we'd only need a test case for it, to include it in
> the server.
>
> regards,
> Nikos

Thanks Nikos!

The patch works well with AnyConnect client 4.6.01103 on Linux and Windows.

TLS ciphersuite: (TLS1.2)-(ECDHE-RSA-SECP521R1)-(AES-256-GCM)
DTLS cipher: (DTLS0.9)-(RSA)-(AES-256-CBC)-(SHA1)