DTLS failure with OpenSSL 1.0.1e, works in 1.0.1c

Bernhard Schmidt berni at birkenwald.de
Wed Mar 6 09:50:01 EST 2013


On 06.03.2013 15:38, Bernhard Schmidt wrote:

FWIW, this sounds similar to

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701868
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1133333

which is also a regression from 1.0.1c to 1.0.1e, but the processor I
have is definitely not AES-NI capable and the workaround described in
the bug report does not fix it.


> Hello,
> 
> both openconnect 3.20 and 4.99 from Debian (Wheezy/Experimental) fail
> DTLS when libssl has been upgraded to version 1.0.1e. Both work just
> fine when libssl is downgraded to 1.0.1c (the previous version).
> 
> libssl 1.0.1c:
> Connected tun0 as 129.187.49.1 + 2001:4ca0:0:f03a::1, using SSL
> Established DTLS connection (using OpenSSL)
> 
> libssl 1.0.1e:
> Connected tun0 as 129.187.49.3 + 2001:4ca0:0:f03a::3, using SSL
> DTLS handshake failed: 2
> DTLS handshake failed: 1
> 140659643750056:error:14102410:SSL routines:DTLS1_READ_BYTES:sslv3 alert
> handshake failure:d1_pkt.c:1166:SSL alert number 40
> 
> The problem can be consistently reproduced by just upgrading libssl.
> 
> A colleague has the same problem with the same workaround on MacOS X
> with MacPorts, so this is most likely an upstream issue.
> 
> Is this a known issue? Any idea how to work around?
> 
> Bernhard