DTLS disabled on server?
David Woodhouse
dwmw2 at infradead.org
Mon Oct 3 12:35:28 PDT 2016
On Mon, 2016-10-03 at 21:24 +0200, Peter Brant wrote:
>
> DES-CBC3-SHA
> AES128-SHA
> DHE-RSA-AES128-SHA
> AES256-SHA
> DHE-RSA-AES256-SHA
>
> The server is now returning X-DTLS-CipherSuite: AES256-SHA.
>
> I must confess my knowledge of encryption is rudimentary. Is the High
> selection even reasonable? If so, might it be supported in a later
> version of OpenSSL?
It'll work today. Can you build the client with OpenSSL and just try
adding '--dtls-ciphers DHE-RSA-AES256-SHA' or
'--dtls-ciphers DHE-RSA-AES128-SHA' on the command line?
If that's working, I'll try to fix it for the GnuTLS build too.
--
dwmw2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5760 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20161003/a7dacae5/attachment.bin>
More information about the openconnect-devel
mailing list