SSL read error: Success

Yuri me at koshaq.net
Wed May 17 13:59:40 PDT 2017


Hi there.

We're using openconnect 7.08 on Arch Linux and the server is running ocserv.

Client:

Arch Linux
OpenConnect version v7.08
Using GnuTLS. Features present: PKCS#11, HOTP software token, TOTP
software token, Yubikey OATH, System keys, DTLS

GnuTLS version: gnutls 3.5.11-1

Server:

Debian jessie, ocserv 0.11.6

I noticed that when I connect from this particular Arch machine, DTLS
wouldn't work. I also tried recompiling openconnect with OpenSSL, but
ultimately I see the same output at the server. Connecting without
DTLS works fine, though.

Other machines (Ubuntu 14.04 running openconnect, and any number of
diverse AnyConnect clients we already had on our network) don't seem
to have this issue.

We're also using letsencrypt certificates on the server.

Could anyone point me at what the server doesn't like about the client?

The output from the client is below.

Got CONNECT response: HTTP/1.1 200 CONNECTED
CSTP connected. DPD 90, Keepalive 32400
Connected as 10.65.11.74, using SSL
SSL read error: Success.; reconnecting.
Connected to IP.ADD.RE.SS:443
SSL negotiation with server.name
Connected to HTTPS on server.name
Got CONNECT response: HTTP/1.1 200 CONNECTED
CSTP connected. DPD 90, Keepalive 32400
SSL read error: Success.; reconnecting.
Connected to IP.ADD.RE.SS:443
... etc

And on the server I see:
May 17 15:00:38 test-vpngw02 ocserv[1914]: worker[username]:
IP.ADD.RE.SS worker-vpn.c:236: could not set TLS priority:
'NORMAL:%SERVER_PRECEDENCE:%COMPAT:-VERS-SSL3.0:-VERS-ALL:-KX-ALL:+PSK:+VERS-DTLS-ALL':
The request is invalid.

In the server's config file there is:

tls-priorities = "NORMAL:%SERVER_PRECEDENCE:%COMPAT:-VERS-SSL3.0"

Best regards,
Yuri.