[External] Re: openconnect+OpenSSL failing DTLS handshake with ocserv+GnuTLS
Vuille, Martin (Martin)
vmartin at avaya.com
Wed Jul 14 12:50:52 PDT 2021
> Can you reproduce the server error with 'openssl s_client'? E.g.
> something like the following, perhaps futzing with -psk* options in addition to -dtls/-dtls1/-dtls1_2…
>
> openssl s_client -debug -dtls -connect 10.215.0.62:8443
Thanks for the tip about using s_client.
I'm not familiar enough with DTLS to know what PSK to use for DTLS (isn't it output from the AnyConnect
authentication phase?) but I did try the above with no additional options.
The server doesn't respond to the ClientHello, but I can see that it has DTLS1.2 in the handshake.
If I use -dtls1 instead, then the version in the handshake is DTLS1, as one would expect.
Will dig into it further.
MV