openconnect fails against ASA 9.2.1
Kevin Cernekee
cernekee at gmail.com
Mon Apr 28 09:04:14 PDT 2014
On Mon, Apr 28, 2014 at 8:08 AM, Erinn Looney-Triggs
<erinn.looneytriggs at gmail.com> wrote:
> I am guessing that this has to do with their upgrade to openssl
> 1.0.1e, but that is just a guess, tried with 5.99 and 5.01 on Fedora 20.

openssl 1.0.1e does require a patch. "configure" should have
complained with an error like this:

checking for OPENSSL... yes
OpenSSL> checking for known-broken versions of OpenSSL... yes
configure: error: This version of OpenSSL is known to be broken with Cisco DTLS.
See http://rt.openssl.org/Ticket/Display.html?id=2984&user=guest&pass=guest
Add --without-openssl-version-check to configure args to avoid this check, or
perhaps consider building with GnuTLS instead.

I believe the ASA side is using the old 1.0.0 branch. Do you see a
sensitivity to certain ASA firmware versions, or did you only test
9.2.1?

> - From the stdout:
> received server terminate packet
> Send BYE packet: Server request

Could you please send the full output from running "openconnect -v
--timestamp HOSTNAME" using 5.99?

Thanks