openssl-0.9.8l is out but still incompatible with openconnect

Adam Piątyszek adam.piatyszek at gmail.com
Sun Nov 8 12:19:28 EST 2009


Hi,

Since 5th November there is a new maintenance release of openssl-0.9.8 
stable branch. It is denoted with version 0.9.8l.

Unfortunately, it seems that it is still incompatible with the "bad" 
DTLS used by Cisco. Here is the warning I get during connection:

=====8<=====
csd.linux.i386
  * Stopping dnsmasq ...                                      [ ok ]
  * Starting dnsmasq ...                                      [ ok ]
SSL_set_session() failed with old protocol version 0x100
Your OpenSSL may lack Cisco compatibility support
See http://rt.openssl.org/Ticket/Display.html?id=1751
Use the --no-dtls command line option to avoid this message
Set up DTLS failed; using SSL instead
=====8<=====

Can anybody confirm this?

I thought all required patches were accepted and included in the 
openssl's 0.9.8 stable branch...

/Adam
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3336 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://bombadil.infradead.org/pipermail/openconnect-devel/attachments/20091108/e885ed0c/attachment.bin>


More information about the openconnect-devel mailing list