On Fri, Jul 20, 2018 at 9:54 AM, Dave Hansen <dave at sr71.net> wrote:
> TL;DR: openconnect on Ubuntu 14.04 fails to connect to Intel VPN servers
> that blacklist TLS 1.0. Where should this get fixed?

This seems to be a common feature of newer Cisco servers. I tried handshaking with a bunch of Cisco servers with "gnutls-cli --priority LEGACY:-VERS-TLS-ALL:+VERS-TLS1.0", and all the newer ones fail.

> Further, this code still seems to be around in openconnect, at least
> when compiled against old versions of gnutls:

I looked at the history of this section of the code, and it's not apparent to me why these version-specific priority strings were added to openconnect. Perhaps Nikos or David can comment? Maybe they had to do with some unexpected corner case in a particular GnuTLS version?

http://git.infradead.org/users/dwmw2/openconnect.git/commitdiff/084e1d82f2fb5ad639810da2a64890ba4ede1896

Dan