DTLS disabled on server?
Peter Brant
peter.brant at gmail.com
Mon Oct 3 12:24:52 PDT 2016
It turns out the problem was caused by changing the DTLS cipher
security level from Medium to High on the ASA. Setting it back to
Medium has fixed the problem.

My co-worker noted that with High, the only enabled cipher was
DHE-RSA-AES256-SHA. With Medium, the following are also enabled:

DES-CBC3-SHA
AES128-SHA
DHE-RSA-AES128-SHA
AES256-SHA
DHE-RSA-AES256-SHA

The server is now returning X-DTLS-CipherSuite: AES256-SHA.

I must confess my knowledge of encryption is rudimentary. Is the High
selection even reasonable? If so, might it be supported in a later
version of OpenSSL?

Thanks,
Peter