Failed to read from SSL socket: The TLS connection was non-properly terminated

Oton Marques Jr. otonmarques at gmail.com
Mon Mar 29 18:45:00 BST 2021


Linux Mint 20.1 5.4.0-70-generic
OpenConnect version v8.05-1
Using GnuTLS. Features present: TPMv2, PKCS#11, RSA software token,
HOTP software token, TOTP software token, Yubikey OATH, System keys,
DTLS, ESP
Supported protocols: anyconnect (default), nc, gp, pulse

I'll try to find out if the server's version is too old.

Thanks



On Mon, Mar 29, 2021 at 13:52, Daniel Lenski
<dlenski at gmail.com> wrote:
>
> On Sat, Mar 27, 2021, 9:35 AM Oton Marques Jr. <otonmarques at gmail.com> wrote:
> >
> > I can connect to my company's VPN using Cisco's client, but when I try
> > it using openconnect (with servercert parameter), I get the
> > following:
> > --
> > $ openconnect GATEWAY-IP --servercert <pin-sha256>
> > Connected to GATEWAY-IP:443
> > SSL negotiation with GATEWAY-IP
> > Server certificate verify failed: signer not found
> > Connected to HTTPS on GATEWAY-IP
> > Failed to read from SSL socket: The TLS connection was non-properly terminated.
> > Error fetching HTTPS response
> > GET https://GATEWAY-IP/
> > Connected to GATEWAY-IP:443
> > SSL negotiation with GATEWAY-IP
> > Server certificate verify failed: signer not found
> > Connected to HTTPS on GATEWAY-IP
> > Failed to read from SSL socket: The TLS connection was non-properly terminated.
> > Error fetching HTTPS response
> > Failed to obtain WebVPN cookie
>
>
> What OS? What version of OpenConnect are you running and what crypto
> library? Use `openconnect --version` to show it.
>
> If you're running a newer version of OpenConnect, against a very old
> server… there is a chance that your server is ancient and uses some
> ancient (and insecure) encryption, which OpenConnect will refuse to
> connect to with this error. If so, you may need to use the
> --allow-insecure-crypto option, which is not yet in a released version
> of OpenConnect, but will be in the next one.
> (https://gitlab.com/openconnect/openconnect/-/merge_requests/114)
>
> Dan


