Getting "SSL connection failure: PKCS #11 error." even when supplying the correct CA file
Nikos Mavrogiannopoulos
n.mavrogiannopoulos at gmail.com
Fri Sep 22 07:03:36 PDT 2017
On Fri, Sep 22, 2017 at 4:01 PM, Noel Dieschburg <noel at cblue.be> wrote:
> Hi David,
>
> First thank you for your quick answer ;)
>
> Do you know if there is a way to do such things (disable RSA-512 signin
> algo) without rcompiling the gnu-tls library? I found nothing for the
> moement.
I believe you have to recompile openconnect and set to configure:
--with-default-gnutls-priority="NORMAL:-SIGN-RSA-SHA512"
(I'd also remove RSA-SHA384 to try with the more common SHA256)
--with-default-gnutls-priority="NORMAL:-SIGN-RSA-SHA512:-SIGN-RSA-SHA384"
regards,
Nikos
More information about the openconnect-devel
mailing list