gost cipher

Metaip N. metaip.nm at gmail.com
Mon Jun 1 23:04:35 PDT 2026 

Hello Team.

I would like to set up cipher based GOST encryption.

I compiled ocserv and openconnect from source.
Generated GOST client and server certs.
Set in ocserv.conf:
                  - tls-priorities = "NONE:+VERS-TLS1.2:+GOST"
Try to connect but without success.
Logs in attach - ocserv.log, openconnect1.log.

Launched gnutls-serv instead of the ocserv.
Logs in attach - gnutls-serv.log, openconnect2.log.

It turns out the client supports GOST encryption.
Ocserv not.

I tried adding the following block in array ciphersuites12 in file
worker-http.c but it didn't help.

```cpp
        { .oc_name = "GOST28147-TC26Z-CNT",
          .gnutls_name =
                  "NONE:+VERS-TLS1.2:+GOST:" WORKAROUND_STR,
          .gnutls_version = GNUTLS_DTLS1_2,
          .gnutls_mac = GNUTLS_MAC_GOST28147_TC26Z_IMIT,
          .gnutls_kx = GNUTLS_KX_VKO_GOST_12,
          .gnutls_cipher = GNUTLS_CIPHER_GOST28147_TC26Z_CNT,
          .dtls12_mode = 1,
          .server_prio = 90 },
```

Could you please tell me where to add GOST ciphers to the ocserv source code.
Thanks in advance.

Mark A.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: gnutls-serv.log
Type: application/octet-stream
Size: 3290 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20260602/11405ca4/attachment.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: openconnect2.log
Type: application/octet-stream
Size: 837 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20260602/11405ca4/attachment-0001.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: openconnect1.log
Type: application/octet-stream
Size: 487 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20260602/11405ca4/attachment-0002.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ocserv.log
Type: application/octet-stream
Size: 8496 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20260602/11405ca4/attachment-0003.obj>

More information about the openconnect-devel mailing list