> Can you reproduce the server error with 'openssl s_client'? E.g.
> something like the following, perhaps futzing with -psk* options in addition
> to -dtls/-dtls1/-dtls1_2…
>
> openssl s_client -debug -dtls -connect 10.215.0.62:8443

Thanks for the tip about using s_client. I'm not familiar enough with DTLS to know what PSK to use for DTLS (isn't it output from the AnyConnect authentication phase?) but I did try the above with no additional options.

The server doesn't respond to the ClientHello, but I can see that it has DTLS1.2 in the handshake. If I use -dtls1 instead, then the version in the handshake is DTLS1, as one would expect.

Will dig into it further.

MV