Getting "SSL connection failure: PKCS #11 error." even when supplying the correct CA file
Noel Dieschburg
noel at cblue.be
Fri Sep 22 07:01:35 PDT 2017
Hi David,
First thank you for your quick answer ;)
Do you know if there is a way to do such things (disable RSA-512 signin
algo) without rcompiling the gnu-tls library? I found nothing for the
moement.
Best regards.
Noel
Le vendredi 22 septembre 2017 à 14:39 +0200, David Raison a écrit :
> Hi Nikos,
>
>
> On 22/09/17 02:38, Nikos Mavrogiannopoulos wrote:
> > Without using debugging tools you most likely never find the
> > culprit. From you previous logs, the client fails at signing with
> > rsa-sha512. A long shot may be that there is a buffer overflow
> > somewhere due to sha512. Have you tried eliminating this signing
> > algorithm from server (or client)?
>
> Unfortunately I don't control the server (or I wouldn't be using
> AnyConnect :P) but maybe Noël or I can try disabling RSA-SHA512 on
> the
> client side and see if that changes anything.
>
> Regards,
> David
>
More information about the openconnect-devel
mailing list