From metaip.nm at gmail.com Mon Jun 1 23:04:35 2026 From: metaip.nm at gmail.com (Metaip N.) Date: Tue, 2 Jun 2026 11:04:35 +0500 Subject: gost cipher Message-ID: Hello Team. I would like to set up cipher based GOST encryption. I compiled ocserv and openconnect from source. Generated GOST client and server certs. Set in ocserv.conf: - tls-priorities = "NONE:+VERS-TLS1.2:+GOST" Try to connect but without success. Logs in attach - ocserv.log, openconnect1.log. Launched gnutls-serv instead of the ocserv. Logs in attach - gnutls-serv.log, openconnect2.log. It turns out the client supports GOST encryption. Ocserv not. I tried adding the following block in array ciphersuites12 in file worker-http.c but it didn't help. ```cpp { .oc_name = "GOST28147-TC26Z-CNT", .gnutls_name = "NONE:+VERS-TLS1.2:+GOST:" WORKAROUND_STR, .gnutls_version = GNUTLS_DTLS1_2, .gnutls_mac = GNUTLS_MAC_GOST28147_TC26Z_IMIT, .gnutls_kx = GNUTLS_KX_VKO_GOST_12, .gnutls_cipher = GNUTLS_CIPHER_GOST28147_TC26Z_CNT, .dtls12_mode = 1, .server_prio = 90 }, ``` Could you please tell me where to add GOST ciphers to the ocserv source code. Thanks in advance. Mark A. -------------- next part -------------- A non-text attachment was scrubbed... Name: gnutls-serv.log Type: application/octet-stream Size: 3290 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: openconnect2.log Type: application/octet-stream Size: 837 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: openconnect1.log Type: application/octet-stream Size: 487 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: ocserv.log Type: application/octet-stream Size: 8496 bytes Desc: not available URL: