OpenConnect 7.07 fails to build with LibreSSL

Piotr Kubaj pkubaj at anongoth.pl
Wed Aug 31 11:37:55 PDT 2016


I'm not sure about other people's use cases, but I've used OpenConnect
with LibreSSL for about a year and couldn't really complain, although I
use it only for remote work. I use GnuTLS-based OpenConnect on another
computer with a different OS and don't really see a difference in
performance.

I really don't know other people's opinions, but if you ask me, sure, make
it build. You could openly state in the next release's release notes that it
works, but may be slow (and that you recommend GnuTLS), so that you don't get
more mails from other people using LibreSSL and saying it's slow :)

On 08/31/16 08:15 PM, David Woodhouse wrote:
> On Wed, 2016-08-31 at 20:01 +0200, Piotr Kubaj wrote:
>>
>> When connecting I get:
>> SSL_set_session() failed with old protocol version 0x100
>> Are you using a version of OpenSSL older than 0.9.8m?
>> See http://rt.openssl.org/Ticket/Display.html?id=1751
>> Use the --no-dtls command line option to avoid this message
>> Set up DTLS failed; using SSL instead
>>
>> which is harmless
> 
> It isn't harmless. It means you are using TCP over TCP, and your UDP
> transport is broken. The performance is going to suck if you see any
> packet loss on the Internet between you and the server.
> 
> I can make it build if you really want, but I *really* don't want
> anyone actually *using* it like this. People should build against
> OpenSSL or GnuTLS instead, unless we can fix LibreSSL.
> 
