Trying to build openconnect 8.20 on ubuntu 20

Nikos Mavrogiannopoulos n.mavrogiannopoulos at outlook.com
Fri Mar 18 02:43:07 PDT 2022


I find that a futile goal as it goes against the consistency and minimization of attack surface goal that these policies are based on. Eventually these protocols will completely be removed from the OS libraries. It would be better to focus on giving good instructions to the user and warnings that these protocols will not be available for long, to help towards a transition to the newer generation of protocols rather than focus on keeping the old beasts alive.

regards,
Nikos

________________________________________
From: Dimitri Papadopoulos <dimitri.papadopoulos at cea.fr>
Sent: Thursday, March 17, 2022 10:30
To: Nikos Mavrogiannopoulos; Daniel Lenski; David Woodhouse
Cc: Eveno, Manuel; openconnect-devel
Subject: Re: Trying to build openconnect 8.20 on ubuntu 20

One could re-enable TLS < 1.2, but it's always the same story: I don't
want to do that for a whole system, just for specific (client) software.

Dimitri

On 16/03/2022 at 18:20, Nikos Mavrogiannopoulos wrote:
> Note that Ubuntu disables TLS versions < 1.2. It is possible to re-enable them via configuration changes as in:
> https://wiki.ubuntu.com/Security/Features#disable-legacy-tls
>
> regards,
> Nikos


