Getting "SSL connection failure: PKCS #11 error." even when supplying the correct CA file

David Raison david at
Fri Sep 22 05:39:10 PDT 2017

Hi Nikos,

On 22/09/17 02:38, Nikos Mavrogiannopoulos wrote:
> Without using debugging tools you most likely never find the culprit. From you previous logs, the client fails at signing with rsa-sha512. A long shot may be that there is a buffer overflow somewhere due to sha512. Have you tried eliminating this signing algorithm from server (or client)?

Unfortunately I don't control the server (or I wouldn't be using
AnyConnect :P) but maybe Noël or I can try disabling RSA-SHA512 on the
client side and see if that changes anything.


TenTwentyFour S.à r.l.
T: +352 20 211 1024
F: +352 20 211 1023
3 Avenue du Blues
4368 Belvaux

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the openconnect-devel mailing list