openconnect fails against ASA 9.2.1

Erinn Looney-Triggs erinn.looneytriggs at gmail.com
Mon Apr 28 09:13:27 PDT 2014


On 04/28/2014 10:04 AM, Kevin Cernekee wrote:
> On Mon, Apr 28, 2014 at 8:08 AM, Erinn Looney-Triggs 
> <erinn.looneytriggs at gmail.com> wrote:
>> I am guessing that this has to do with their upgrade to openssl 
>> 1.0.1e, but that is just a guess, tried with 5.99 and 5.01 on
>> Fedora 20.
> 
> openssl 1.0.1e does require a patch.  "configure" should have 
> complained with an error like this:
> 
> checking for OPENSSL... yes OpenSSL
> checking for known-broken versions of OpenSSL... yes
> configure: error: This version of OpenSSL is known to be broken with Cisco DTLS.
> See http://rt.openssl.org/Ticket/Display.html?id=2984&user=guest&pass=guest
> Add --without-openssl-version-check to configure args to avoid this check, or
> perhaps consider building with GnuTLS instead.
> 
> I believe the ASA side is using the old 1.0.0 branch.  Do you see
> a sensitivity to certain ASA firmware versions, or did you only
> test 9.2.1?
> 
>> From the stdout: received server terminate packet Send BYE
>> packet: Server request
> 
> Could you please send the full output from running "openconnect -v 
> --timestamp HOSTNAME" using 5.99?
> 
> Thanks
> 

I am sorry, I should have been clearer: the ASA software is now using
openssl 1.0.1e according to Cisco's release notes.

Anyway, like a puff of smoke in the wind the problem just up and
disappeared on me. So it looks like the problem must be on my client
end somewhere. 5.99 seems to be working just fine against ASA software
9.2.1.

Thanks for the response and sorry for the noise,

-Erinn


