SSL read error: Success

Nikos Mavrogiannopoulos n.mavrogiannopoulos at gmail.com
Wed May 17 23:19:17 PDT 2017


On Wed, May 17, 2017 at 10:59 PM, Yuri <me at koshaq.net> wrote:
> Hi there.
>
> We're using openconnect 7.08 on Arch Linux and the server is running ocserv.
> Server:
>
> Debian jessie, ocserv 0.11.6
> I noticed that when I connect from this particular Arch machine, DTLS
> wouldn't work. I also tried recompiling openconnect with OpenSSL, but
> ultimately I see the same output at the server. Connecting without
> DTLS works fine, though.

[...]

> And on the server I see:
> May 17 15:00:38 test-vpngw02 ocserv[1914]: worker[username]:
> IP.ADD.RE.SS worker-vpn.c:236: could not set TLS priority:
> 'NORMAL:%SERVER_PRECEDENCE:%COMPAT:-VERS-SSL3.0:-VERS-ALL:-KX-ALL:+PSK:+VERS-DTLS-ALL':
> The request is invalid.

As indicated above, the error is on the server. My guess is that if
jessie is on 3.3.8 the -VERS-ALL is not available, and that's why it
complains.
You can verify by checking the output of:
gnutls-cli -l --priority 'NORMAL:%SERVER_PRECEDENCE:%COMPAT:-VERS-SSL3.0:-VERS-ALL:-KX-ALL:+PSK:+VERS-DTLS-ALL'


regards,
Nikos
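
Added example, not part of the original message and not ocserv or openconnect code: a small script built around the gnutls-cli check suggested above that removes one keyword at a time from a rejected priority string to show which keyword the installed GnuTLS refuses. The names prio_ok, find_rejected_tokens and PRIO_CHECK are hypothetical, and the script assumes gnutls-cli exits non-zero for a string it cannot parse.

```shell
#!/bin/sh
# Added example: find which keyword of a GnuTLS priority string the locally
# installed GnuTLS rejects, using the check quoted in the message above.

# Validator command; exit status 0 means "accepted". Overridable for testing.
# Assumption: gnutls-cli exits non-zero when it cannot parse the string.
PRIO_CHECK=${PRIO_CHECK:-gnutls-cli -l --priority}

prio_ok() {
    # Unquoted on purpose so "command plus options" splits into words.
    $PRIO_CHECK "$1" >/dev/null 2>&1
}

# Leave-one-out: print each keyword whose removal makes a rejected string
# acceptable. Returns 0 if the full string is accepted, 1 if it is rejected.
find_rejected_tokens() {
    full=$1
    if prio_ok "$full"; then return 0; fi
    set -f; old_ifs=$IFS; IFS=:
    set -- $full
    IFS=$old_ifs; set +f
    i=1
    for skip in "$@"; do
        rest=''; j=1
        for tok in "$@"; do
            if [ "$j" -ne "$i" ]; then rest=${rest:+$rest:}$tok; fi
            j=$((j + 1))
        done
        if [ -n "$rest" ] && prio_ok "$rest"; then printf '%s\n' "$skip"; fi
        i=$((i + 1))
    done
    return 1
}

# Usage: sh check_prio.sh 'PRIORITY-STRING'
if [ $# -gt 0 ]; then find_rejected_tokens "$1"; fi
```

Run on the server with the string from the ocserv log line, the script prints the keyword or keywords to look up in that GnuTLS version's priority-string documentation.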


