On Fri, Jul 08, 2016 at 05:43:21PM +0100, David Woodhouse wrote: > > This broke the OpenConnect VPN client, which now fails thus: > > DTLS handshake failed: 1 > 67609664:error:141640B5:SSL routines:tls_construct_client_hello:no ciphers > available:ssl/statem/statem_clnt.c:927: > > I tried the naïvely obvious step of changing all instances of > DTLS1_VERSION as the minimum, to DTLS1_BAD_VER. That didn't help.
Can you describe how DTLS1_BAD_VER is supposed to work? Is this version send over the wire? Is it negotiated? We have no test suite coverage doing anything with DTLS1_BAD_VER and I think the OpenConnect VPN is the only user of it. Kurt -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
