Openconnect and old gnutls on Ubuntu 14.04

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, Jul 20, 2018 at 9:54 AM, Dave Hansen <dave at sr71.net> wrote:
> TL;DR: openconnect on Ubuntu 14.04 fails to connect to Intel VPN servers
> that blacklist TLS 1.0.  Where should this get fixed?

This seems to be a common feature of newer Cisco servers. I tried
handshaking with a bunch of Cisco servers with "gnutls-cli --priority
LEGACY:-VERS-TLS-ALL:+VERS-TLS1.0", and all the newer ones fail.

> Further, this code still seems to be around in openconnect, at least
> when compiled against old versions of gnutls:

I looked at the history of this section of the code, and it's not
apparent to me why these version-specific priority strings were added
to openconnect. Perhaps Nikos or David can comment? Made they had to
do with some unexpected corner case in a particular GnuTLS version?
http://git.infradead.org/users/dwmw2/openconnect.git/commitdiff/084e1d82f2fb5ad639810da2a64890ba4ede1896

Dan



[Index of Archives]     [Linux Samsung SoC]     [Linux Rockchip SoC]     [Linux Actions SoC]     [Linux for Synopsys ARC Processors]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]


  Powered by Linux