Openconnect and old gnutls on Ubuntu 14.04

Daniel Lenski dlenski at gmail.com
Tue Jul 24 16:21:54 UTC 2018


On Fri, Jul 20, 2018 at 9:54 AM, Dave Hansen <dave at sr71.net> wrote:
> TL;DR: openconnect on Ubuntu 14.04 fails to connect to Intel VPN servers
> that blacklist TLS 1.0.  Where should this get fixed?

This seems to be a common feature of newer Cisco servers. I tried
handshaking with a bunch of Cisco servers with "gnutls-cli --priority
LEGACY:-VERS-TLS-ALL:+VERS-TLS1.0", and all the newer ones fail.

> Further, this code still seems to be around in openconnect, at least
> when compiled against old versions of gnutls:

I looked at the history of this section of the code, and it's not
apparent to me why these version-specific priority strings were added
to openconnect. Perhaps Nikos or David can comment? Maybe they had to
do with some unexpected corner case in a particular GnuTLS version?
http://git.infradead.org/users/dwmw2/openconnect.git/commitdiff/084e1d82f2fb5ad639810da2a64890ba4ede1896

Dan


