Getting "SSL connection failure: PKCS #11 error." even when supplying the correct CA file

Noel Dieschburg noel at cblue.be
Fri Sep 22 07:06:30 PDT 2017


OK, cool, I'll give it a try and keep you informed. 

Best regards. 


Noel


Le vendredi 22 septembre 2017 à 16:03 +0200, Nikos Mavrogiannopoulos a
écrit :
> On Fri, Sep 22, 2017 at 4:01 PM, Noel Dieschburg <noel at cblue.be>
> wrote:
> > Hi David,
> > 
> > First thank you for your quick answer ;)
> > 
> > Do you know if there is a way to do such things (disable RSA-512
> > signin
> > algo) without rcompiling the gnu-tls library? I found nothing for
> > the
> > moement.
> 
> I believe you have to recompile openconnect and set to configure:
> --with-default-gnutls-priority="NORMAL:-SIGN-RSA-SHA512"
> 
> (I'd also remove RSA-SHA384 to try with the more common SHA256)
> --with-default-gnutls-priority="NORMAL:-SIGN-RSA-SHA512:-SIGN-RSA-
> SHA384"
> 
> 
> regards,
> Nikos



More information about the openconnect-devel mailing list