OpenConnect 7.07 fails to build with LibreSSL

Piotr Kubaj pkubaj at
Wed Aug 31 11:37:55 PDT 2016

I'm not sure about other people use-cases, but I've used Openconnect
with LibreSSL for about a year and couldn't really complain, although I
use it only for remote work. I use GnuTLS-based Openconnect on other
computer with different OS and don't really see the difference in

I really don't know other people's opinions but if you ask me, sure make
it build. You could openly state in next release's release notes that it
works, but may be slow (and you recommend GnuTLS), so that you don't get
next mails from other people using LibreSSL and saying it's slow :)

On 08/31/16 08:15 PM, David Woodhouse wrote:
> On Wed, 2016-08-31 at 20:01 +0200, Piotr Kubaj wrote:
>> When connecting I get:
>> SSL_set_session() failed with old protocol version 0x100
>> Are you using a version of OpenSSL older than 0.9.8m?
>> See
>> Use the --no-dtls command line option to avoid this message
>> Set up DTLS failed; using SSL instead
>> which is harmless
> It isn't harmless. It means you are using TCP over TCP, and your UDP
> transport is broken. The performance is going to suck if you see any
> packet loss on the Internet between you and the server.
> I can make it build if you really want, but I *really* don't want
> anyone actually *using* it like this. People should build against
> OpenSSL or GnuTLS instead, unless we can fix LibreSSL.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the openconnect-devel mailing list