Getting "SSL connection failure: PKCS #11 error." even when supplying the correct CA file
Noel Dieschburg
noel at cblue.be
Fri Sep 22 07:06:30 PDT 2017
OK, cool, I'll give it a try and keep you informed.
Best regards.
Noel
Le vendredi 22 septembre 2017 à 16:03 +0200, Nikos Mavrogiannopoulos a
écrit :
> On Fri, Sep 22, 2017 at 4:01 PM, Noel Dieschburg <noel at cblue.be>
> wrote:
> > Hi David,
> >
> > First thank you for your quick answer ;)
> >
> > Do you know if there is a way to do such things (disable RSA-512
> > signin
> > algo) without rcompiling the gnu-tls library? I found nothing for
> > the
> > moement.
>
> I believe you have to recompile openconnect and set to configure:
> --with-default-gnutls-priority="NORMAL:-SIGN-RSA-SHA512"
>
> (I'd also remove RSA-SHA384 to try with the more common SHA256)
> --with-default-gnutls-priority="NORMAL:-SIGN-RSA-SHA512:-SIGN-RSA-
> SHA384"
>
>
> regards,
> Nikos
More information about the openconnect-devel
mailing list