Re: Openconnect and old gnutls on Ubuntu 14.04

2018-07-26 Thread Daniel Lenski
On Wed, Jul 25, 2018, 1:03 PM Steve Langasek wrote:
> > Generally speaking, packages which need to be updated in order to remain
> > compatible with changes to protocols on the Internet at large (such as in
> this case, changes to the baseline TLS version that clients must negotiate
> in order to

Re: Openconnect and old gnutls on Ubuntu 14.04

2018-07-25 Thread Dave Hansen
On 07/25/2018 10:02 AM, Steve Langasek wrote:
> At this point I would suggest opening a bug report against the package so
> this question can be weighed there.
>
> https://bugs.launchpad.net/ubuntu/+source/openconnect/+filebug

Thanks for the help, everybody! Here's the Ubuntu bug report: http

Re: Openconnect and old gnutls on Ubuntu 14.04

2018-07-25 Thread Steve Langasek
Hi Dave,

On Fri, Jul 20, 2018 at 09:54:35AM -0700, Dave Hansen wrote:
> TL;DR: openconnect on Ubuntu 14.04 fails to connect to Intel VPN servers
> that blacklist TLS 1.0. Where should this get fixed?

On the Ubuntu side, we would tend to defer to openconnect upstream regarding what the correct wa

Re: Openconnect and old gnutls on Ubuntu 14.04

2018-07-24 Thread Mike Miller
On Tue, Jul 24, 2018 at 14:50:03 -0700, Dave Hansen wrote:
> Right, Ubuntu (14.04) doesn't have the first two cases, only the third.
> But, I was basically asking (despite being an ancient version of
> openconnect) whether this affects upstream openconnect.
>
> The "gtls_ver(3,0,0)" in upstream op

Re: Openconnect and old gnutls on Ubuntu 14.04

2018-07-24 Thread Dave Hansen
On 07/24/2018 01:01 PM, Nikos Mavrogiannopoulos wrote:
>> Am I misreading the code?
>>
>> If compiled with !DEFAULT_PRIO and we miss both the gtls_ver(3,2,9) and
>> gtls_ver(3,0,0) checks, won't we do
>> "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0:"... from the else{} block below?
>>
>> I read that as "when

Re: Openconnect and old gnutls on Ubuntu 14.04

2018-07-24 Thread Nikos Mavrogiannopoulos
On Tue, Jul 24, 2018 at 9:50 PM, Dave Hansen wrote:
> On 07/24/2018 12:22 PM, Nikos Mavrogiannopoulos wrote:
>>> Further, this code still seems to be around in openconnect, at least
>>> when compiled against old versions of gnutls:
>>>
>>> https://github.com/openconnect/openconnect/blob/master/gnu

Re: Openconnect and old gnutls on Ubuntu 14.04

2018-07-24 Thread Dave Hansen
On 07/24/2018 12:22 PM, Nikos Mavrogiannopoulos wrote:
>> Further, this code still seems to be around in openconnect, at least
>> when compiled against old versions of gnutls:
>>
>> https://github.com/openconnect/openconnect/blob/master/gnutls.c#L2202
>>
>> Is this something Ubuntu can fix in their

Re: Openconnect and old gnutls on Ubuntu 14.04

2018-07-24 Thread Nikos Mavrogiannopoulos
On Fri, Jul 20, 2018 at 6:54 PM, Dave Hansen wrote:
> TL;DR: openconnect on Ubuntu 14.04 fails to connect to Intel VPN servers
> that blacklist TLS 1.0. Where should this get fixed?
>
> ---
>
> I'm running a rather vintage Ubuntu 14.04 which ships a rather
> unmodified openconnect 5.02 package.

Re: Openconnect and old gnutls on Ubuntu 14.04

2018-07-24 Thread Nikos Mavrogiannopoulos
On Tue, Jul 24, 2018 at 6:21 PM, Daniel Lenski wrote:
> On Fri, Jul 20, 2018 at 9:54 AM, Dave Hansen wrote:
>> TL;DR: openconnect on Ubuntu 14.04 fails to connect to Intel VPN servers
>> that blacklist TLS 1.0. Where should this get fixed?
>
> This seems to be a common feature of newer Cisco ser

Re: Openconnect and old gnutls on Ubuntu 14.04

2018-07-24 Thread Daniel Lenski
On Fri, Jul 20, 2018 at 9:54 AM, Dave Hansen wrote:
> TL;DR: openconnect on Ubuntu 14.04 fails to connect to Intel VPN servers
> that blacklist TLS 1.0. Where should this get fixed?

This seems to be a common feature of newer Cisco servers. I tried handshaking with a bunch of Cisco servers with "

Openconnect and old gnutls on Ubuntu 14.04

2018-07-20 Thread Dave Hansen
TL;DR: openconnect on Ubuntu 14.04 fails to connect to Intel VPN servers that blacklist TLS 1.0. Where should this get fixed?

---

I'm running a rather vintage Ubuntu 14.04 which ships a rather unmodified openconnect 5.02 package. It uses the following as a priority string for the TLS session: