Diagnosing error "SSL read error: The TLS connection was non-properly terminated"

John Hendy jw.hendy at gmail.com
Thu Apr 17 14:29:54 PDT 2014 

Greetings,


I finally got openconnect to work with my company's Cisco VPN system
via some various help from the web and a co-worker on setting up a
csd-wrapper. However, I'm getting constant disconnection/reconnection
behaviors. Here's the output from my recent session:
- http://pastebin.com/wyHTzjwR

That error is generated every few seconds. One internal site seems to
go on operating reasonably fine (though very slow), while my company
mail client (browser-based) won't send any emails and requests
frequent re-authentication.

Here's the ~/.cisco/csd-wrapper.sh script used:

$ cat ~/.cisco/csd-wrapper.sh
#!/bin/bash

shift

URL=
TICKET=
STUB=
GROUP=
CERTHASH=
LANGSELEN=

while [ "$1" ]; do
    echo "PARAM '$1' ==> $2"
    if [ "$1" == "-ticket" ];   then shift; TICKET=$1; fi
    if [ "$1" == "-stub" ];     then shift; STUB=$1; fi
    if [ "$1" == "-group" ];    then shift; GROUP=$1; fi
    if [ "$1" == "-certhash" ]; then shift; CERTHASH=$1; fi
    if [ "$1" == "-url" ];      then shift; URL=$1; fi
    if [ "$1" == "-langselen" ];then shift; LANGSELEN=$1; fi
    shift
done

echo "URL:          $URL"
echo "TICKET:       $TICKET"
echo "STUB:         $STUB"
echo "GROUP:        $GROUP"
echo "CERTHASH:     $CERTHASH"
echo "LANGSELEN:    $LANGSELEN"

#ARGS="-log debug -ticket $TICKET -stub $STUB -group $GROUP -host $URL
-certhash $CERTHASH"
ARGS="-log error -ticket $TICKET -stub $STUB -group $GROUP -host $URL
-certhash $CERTHASH"

$HOME/.cisco/hostscan/bin/cstub $ARGS


Is this the case of a simple openconnect argument I'm not using/need
to specify or something else? Consider me completely ignorant with
respect to network/tunneling/etc., but I'm happy to collect any other
information suggested and post back. This is what seemed obvious to
start with, and I couldn't find any hits for the exact error I'm
getting. In fact, searching google for the exact phrase "SSL read
error: The TLS connection was non-properly terminated" only gets me
the pastebin I just posted.

Is this an error message specific to my company, or should these
messages be standard across all of them?


Many thanks,
John

More information about the openconnect-devel mailing list