GnuTLS & OpenSSL incompatibility in RHEL

Alexander Rumyantsev alexander at rumyantsev.com
Mon Sep 22 23:42:05 PDT 2014


Hi!

I have ocserv running on RHEL 6.5 and openconnect on OS X 10.9+macports
Recently I decided to hide ocserv behind haproxy to separate anyconnect connections from browser connections by User-Agent header.
But i couldn’t establish connection due to following error: "SSL connection failure: curve not supported"
I think that’s because of RHEL ships with hobbled OpenSSL (against of which haproxy was built) with very limited elliptic curves support due to RH Legal patent fears.

Don’t even know how to deal with this, or even it worth of dealing.

P.S. I think the mode of external ssl termination with unix socket support will be very useful in ocserv.

Best regards,
Alexander Rumyantsev


More information about the openconnect-devel mailing list