Failed to read from SSL socket: The TLS connection was non-properly terminated
Daniel Lenski
dlenski at gmail.com
Mon Mar 29 17:52:14 BST 2021
On Sat, Mar 27, 2021, 9:35 AM Oton Marques Jr. <otonmarques at gmail.com> wrote:
>
> I can connect to my company's vpn using cisco's client, but when I try
> it using openconnect (with servercert parameter), I get the
> following:
> --
> $ openconnect GATEWAY-IP --servercert <pin-sha256>
> Connected to GATEWAY-IP:443
> SSL negotiation with GATEWAY-IP
> Server certificate verify failed: signer not found
> Connected to HTTPS on GATEWAY-IP
> Failed to read from SSL socket: The TLS connection was non-properly terminated.
> Error fetching HTTPS response
> GET https://GATEWAY-IP/
> Connected to GATEWAY-IP:443
> SSL negotiation with GATEWAY-IP
> Server certificate verify failed: signer not found
> Connected to HTTPS on GATEWAY-IP
> Failed to read from SSL socket: The TLS connection was non-properly terminated.
> Error fetching HTTPS response
> Failed to obtain WebVPN cookie
What OS? What version of OpenConnect are you running and what crypto
library? Use `openconnect --version` to show it.
If you're running a newer version of OpenConnect, against a very old
server… there is a chance that your server is ancient and uses some
ancient (and insecure) encryption, which OpenConnect will refuse to
connect to with this error. If so, you may need to use the
--allow-insecure-crypto option, which is not yet in a released version
of OpenConnect, but will be in the next one.
(https://gitlab.com/openconnect/openconnect/-/merge_requests/114)
Dan
More information about the openconnect-devel
mailing list