Linux Mint 20.1 5.4.0-70-generic OpenConnect version v8.05-1 Using GnuTLS. Features present: TPMv2, PKCS#11, RSA software token, HOTP software token, TOTP software token, Yubikey OATH, System keys, DTLS, ESP Supported protocols: anyconnect (default), nc, gp, pulse
I'll try to find out if the server's version is too old. Thanks Em seg., 29 de mar. de 2021 às 13:52, Daniel Lenski <dlen...@gmail.com> escreveu: > > On Sat, Mar 27, 2021, 9:35 AM Oton Marques Jr. <otonmarq...@gmail.com> wrote: > > > > I can connect to my company's vpn using cisco's client, but when I try > > it using openconnect (with servercert parameter), I get the > > following: > > -- > > $ openconnect GATEWAY-IP --servercert <pin-sha256> > > Connected to GATEWAY-IP:443 > > SSL negotiation with GATEWAY-IP > > Server certificate verify failed: signer not found > > Connected to HTTPS on GATEWAY-IP > > Failed to read from SSL socket: The TLS connection was non-properly > > terminated. > > Error fetching HTTPS response > > GET https://GATEWAY-IP/ > > Connected to GATEWAY-IP:443 > > SSL negotiation with GATEWAY-IP > > Server certificate verify failed: signer not found > > Connected to HTTPS on GATEWAY-IP > > Failed to read from SSL socket: The TLS connection was non-properly > > terminated. > > Error fetching HTTPS response > > Failed to obtain WebVPN cookie > > > What OS? What version of OpenConnect are you running and what crypto > library? Use `openconnect --version` to show it. > > If you're running a newer version of OpenConnect, against a very old > server… there is a chance that your server is ancient and uses some > ancient (and insecure) encryption, which OpenConnect will refuse to > connect to with this error. If so, you may need to use the > --allow-insecure-crypto option, which is not yet in a released version > of OpenConnect, but will be in the next one. > (https://gitlab.com/openconnect/openconnect/-/merge_requests/114) > > Dan _______________________________________________ openconnect-devel mailing list openconnect-devel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/openconnect-devel
