DTLS failure with OpenSSL 1.0.1e, works in 1.0.1c

Bernhard Schmidt berni at birkenwald.de
Wed Mar 6 09:38:57 EST 2013


Hello,

both openconnect 3.20 and 4.99 from Debian (Wheezy/Experimental) fail
DTLS when libssl has been upgraded to version 1.0.1e. Both work just
fine when libssl is downgraded to 1.0.1c (the previous version).

libssl 1.0.1c:
Connected tun0 as 129.187.49.1 + 2001:4ca0:0:f03a::1, using SSL
Established DTLS connection (using OpenSSL)

libssl 1.0.1e:
Connected tun0 as 129.187.49.3 + 2001:4ca0:0:f03a::3, using SSL
DTLS handshake failed: 2
DTLS handshake failed: 1
140659643750056:error:14102410:SSL routines:DTLS1_READ_BYTES:sslv3 alert handshake failure:d1_pkt.c:1166:SSL alert number 40

The problem can be consistently reproduced by just upgrading libssl.

A colleague has the same problem with the same workaround on MacOS X
with MacPorts, so this is most likely an upstream issue.

Is this a known issue? Any idea how to work around?

Bernhard
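
Added example, not part of the original message and not openconnect or OpenSSL code: a decoder for the OpenSSL error-queue line quoted in the report. It assumes the OpenSSL 1.0.x packed error-code layout (8-bit library, 12-bit function, 12-bit reason), and all function and variable names are illustrative. It shows that reason 1040 is the alert offset 1000 plus alert 40, meaning the handshake_failure alert was received from the peer rather than raised locally.

```python
import re

# Assumption: OpenSSL 1.0.x packing of the error code (ERR_GET_LIB/FUNC/REASON):
# 8-bit library, 12-bit function, 12-bit reason.
ERR_LIB_SSL = 20
SSL_AD_REASON_OFFSET = 1000  # alerts received from the peer are reported as 1000 + alert number

# Subset of TLS alert descriptions (RFC 5246, section 7.2).
ALERT_NAMES = {10: "unexpected_message", 20: "bad_record_mac",
               40: "handshake_failure", 47: "illegal_parameter",
               70: "protocol_version", 80: "internal_error"}

# Layout printed by ERR_print_errors: thread:error:code:lib:func:reason:file:line:data
ERR_LINE = re.compile(
    r"^(?P<thread>\d+):error:(?P<code>[0-9A-Fa-f]{8}):(?P<lib>[^:]*):"
    r"(?P<func>[^:]*):(?P<reason>[^:]*):(?P<file>[^:]*):(?P<line>\d+):(?P<data>.*)$")


def decode_error_line(text):
    """Decode one OpenSSL error-queue line; tolerates mail line-wrapping."""
    m = ERR_LINE.match(" ".join(text.split()))
    if m is None:
        raise ValueError("not an OpenSSL error-queue line")
    code = int(m["code"], 16)
    lib, func, reason = (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF
    alert = None
    if lib == ERR_LIB_SSL and reason > SSL_AD_REASON_OFFSET:
        alert = reason - SSL_AD_REASON_OFFSET
    name = ALERT_NAMES.get(alert, "unknown") if alert is not None else None
    return {"lib": lib, "func": func, "reason": reason,
            "reason_text": m["reason"],
            "source": (m["file"], int(m["line"])),
            "peer_alert": alert, "peer_alert_name": name}


# The error line from the report above, split across two lines to exercise the unwrapping.
SAMPLE = ("140659643750056:error:14102410:SSL routines:DTLS1_READ_BYTES:sslv3 alert\n"
          "handshake failure:d1_pkt.c:1166:SSL alert number 40")

if __name__ == "__main__":
    for key, value in decode_error_line(SAMPLE).items():
        print(f"{key}: {value}")
```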


