OpenConnect 7.07 fails to build with LibreSSL

David Woodhouse dwmw2 at infradead.org
Wed Aug 31 11:15:39 PDT 2016


On Wed, 2016-08-31 at 20:01 +0200, Piotr Kubaj wrote:
> 
> When connecting I get:
> SSL_set_session() failed with old protocol version 0x100
> Are you using a version of OpenSSL older than 0.9.8m?
> See http://rt.openssl.org/Ticket/Display.html?id=1751
> Use the --no-dtls command line option to avoid this message
> Set up DTLS failed; using SSL instead
> 
> which is harmless

It isn't harmless. It means you are using TCP over TCP, and your UDP
transport is broken. The performance is going to suck if you see any
packet loss on the Internet between you and the server.

I can make it build if you really want, but I *really* don't want
anyone actually *using* it like this. People should build against
OpenSSL or GnuTLS instead, unless we can fix LibreSSL.

-- 
dwmw2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5760 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20160831/04762899/attachment.bin>


More information about the openconnect-devel mailing list