DTLS disabled on server?

David Woodhouse dwmw2 at infradead.org
Sun Sep 25 02:31:45 PDT 2016


On Sun, 2016-09-25 at 10:55 +0200, Peter Brant wrote:
> My guess is that DTLS is simply disabled on the server.
> Is there something in the --verbose output that would confirm this?

The complete absence of any mention of DTLS, as you said, is a fairly
strong hint. We send the DTLS options to the server and it completely
ignores them.

You could add --dump-http-traffic and confirm that we're really trying,
but DO NOT send the output of that to the list. Filter passwords and
cookies out of it before you send it to me in private if you wish.

> Behavior is the same with OpenConnect v.5.02 and 6.0.

I'm not aware of anything specific which would cause this, but 6.0 was
a long time ago. Can you try with the latest from git, or at least the
7.08 release?

Do you know if the official Cisco clients manage to get DTLS with this
server? And has the server recently been changed? 

-- 
dwmw2
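An added example, not part of the original message and not code from the OpenConnect project: a filter that redacts passwords and cookies from saved `--dump-http-traffic` output and reports whether any X-DTLS headers were sent or received. It assumes sent lines are prefixed with `> ` and received lines with `< `. The header list, the XML element names and the sample dump are constructed for illustration.

```python
import re

# Headers whose values are credentials or key material (assumed list; extend as needed).
SECRET_HEADERS = {"cookie", "set-cookie", "authorization",
                  "x-dtls-master-secret", "x-dtls-session-id"}
# Credential elements in an XML auth body (assumed element names).
SECRET_XML = re.compile(r"(<(password|session-token)\b[^>]*>)[^<]*(</\2>)", re.I)
# Assumed dump layout: '>' marks sent lines, '<' marks received lines.
HEADER = re.compile(r"^([<>]) ([A-Za-z0-9-]+):\s*(.*)$")

# Constructed sample, not captured from a real server.
SAMPLE = """\
> POST / HTTP/1.1
> Host: vpn.example.com
> <auth id="main"><username>alice</username><password>constructed-pw</password></auth>
< HTTP/1.1 200 OK
< Set-Cookie: webvpn=CONSTRUCTED-COOKIE; path=/; secure
> CONNECT /CSCOSSLC/tunnel HTTP/1.1
> Cookie: webvpn=CONSTRUCTED-COOKIE
> X-DTLS-Master-Secret: 00112233CONSTRUCTEDSECRET
> X-DTLS-CipherSuite: AES256-SHA:AES128-SHA
< HTTP/1.1 200 CONNECTED
< X-CSTP-Address: 192.0.2.10
"""

def scrub(dump):
    """Return (redacted text, X-DTLS headers sent, X-DTLS headers received)."""
    sent, received, out = [], [], []
    for line in dump.splitlines():
        m = HEADER.match(line)
        if m:
            direction, name, _ = m.groups()
            # Record DTLS negotiation headers by direction before redacting.
            if name.lower().startswith("x-dtls-"):
                (sent if direction == ">" else received).append(name)
            if name.lower() in SECRET_HEADERS:
                line = f"{direction} {name}: [REDACTED]"
        # Redact credential elements inside XML bodies on any line.
        out.append(SECRET_XML.sub(r"\1[REDACTED]\3", line))
    return "\n".join(out), sent, received

if __name__ == "__main__":
    text, sent, received = scrub(SAMPLE)
    print(text)
    print("client offered DTLS:", bool(sent), "| server answered DTLS:", bool(received))
```

Read the redacted output through once by hand before sharing it, since a server may return secrets in fields this list does not cover.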

