On 25 June 2018 at 10:34, Daniel Lenski <dlenski at gmail.com> wrote: > On Sat, Jun 23, 2018 at 12:22 PM, Jeroen Balduyck > <jeroen.balduyck at gmail.com> wrote: >> Hi >> >> I've been struggling to get this option to work. Wireshark reports >> this cipher in the server hello: >> Cipher Suite: TLS_PSK_WITH_AES_256_GCM_SHA384 (0x00a9) > > Are you sure that the server supports this ciphersuite for *DTLS*, as > opposed to TLS? > If it's a Cisco AnyConnect server (as opposed to ocserv) then it's a > "speshul" pre-1.0 version of DTLS? > http://www.infradead.org/openconnect/technical.html > > Dan Hi Dan, I *think* I figured it out. Hopefully this post will make it to the list (my other one for this topic is under moderation). I'm using the info from this document: https://tools.ietf.org/id/draft-mavrogiannopoulos-openconnect-00.html - For DTLS 1.2 - OC-DTLS1_2-AES128-GCM TLS_RSA_WITH_AES_128_GCM_SHA256 DTLS 1.2 OC-DTLS1_2-AES256-GCM TLS_RSA_WITH_AES_256_GCM_SHA256 DTLS 1.2 Those appear to be the only valid ciphers for DTLS 1.2 (section 2.1.5.1). In the section immediately above it (section 2.1.5), it says "X-DTLS-CipherSuite: Must contain the keyword PSK-NEGOTIATE". So a valid string would be --dtls-chipers='PSK-NEGOTIATE:OC-DTLS1_2-AES128-GCM'. This string is being passed in the HTTPS connect headers, which can be viewed using --dump-http-traffic. However, the server I am connecting to just seems to ignore this and defaults to OC-DTLS1_2-AES256-GCM. Openconnect will happily connect with OC-DTLS1_2-AES256-GCM even when this cipher is absent from the aforementioned cipher string where I explicitly stated I want OC-DTLS1_2-AES128-GCM So it seems we can no longer enforce a cipher for DTLS1.2. For older ciphers (DTLS 1.0) it still works DES-CBC3-SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA1 DTLS 0.9 (pre-draft version) AES128-SHA TLS_RSA_WITH_AES_128_CBC_SHA1 DTLS 0.9 (pre-draft version) AES256-SHA TLS_RSA_WITH_AES_256_CBC_SHA1 DTLS 0.9 (pre-draft version)
