OpenConnect-GUI: A record packet with illegal version was received.

Nikos Mavrogiannopoulos nmav at gnutls.org
Sun Nov 2 07:01:24 PST 2014


On Sun, 2014-11-02 at 22:34 +0800, Niels Peen wrote:
> Hi guys,
> Any idea what would cause the “illegal version” error? I’m assuming it’s 
> referring to the SSL/TLS version. This server (ocserv) works fine for other 
> users  of OpenConnect-GUI and also for this particular user if he uses 
> OpenConnect on Android instead of Windows. (Also OpenVPN on the
> same computer works without issues.)
> 
> 2014-11-02 17:54 POST https://XXXXX/
> 2014-11-02 17:54 Attempting to connect to server 123.123.123.123:443
> 2014-11-02 17:54 SSL negotiation with XXXXX
> 2014-11-02 17:54 SSL connection failure: A record packet with illegal version was received.

The cases that this can happen is when there are no commonly supported
protocols, or the peer doesn't correctly set the TLS record versions.
That's almost impossible to occur between two gnutls peers. Could that
again be related to a firewall that modifies the packets sent/received?

regards,
Nikos





More information about the openconnect-devel mailing list