I confirm workaround mentioned in #32 works on debian 12 with
GlobalProtect UI version 6.1.2-82
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1960268
Title:
SSL
Workaround mentioned in #32 by fru1z works like a charm on several
Ubuntu 22.04 Gnome-Shell/Wayland installs (.deb install of
GlobalProtect_UI_deb-6.0.0.1-44.deb), thanks for sharing it!
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is
Can confirm that fix by fru1z #32 works with GlobalProtect 6.0.5-12
running on 22.04! Thanks!
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1960268
Title:
SSL handshake
If anyone arrived here looking for a solution for Fedora, here it is:
Edit /etc/crypto-policies/back-ends/opensslcnf.config
Add this line before [openssl_init]:
Options = UnsafeLegacyRenegotiation
If you're wondering why this is needed, take your GlobalProtect portal address
and check it at
The comment by @fru1z (#32) worked for me on Ubuntu 22.04 with
GlobalProtect 5.3.1-36. Be sure to comment out the line mentioned in the
instructions. Adding the "Options = UnsafeLegacyRenegotiation" line by
itself did not work for me.
--
You received this bug notification because you are a
I too have upgraded to Ubunutu 22.04 and have GlobalProtect 5.2.6-18 and
@frulz instructions above helped me correct the issue. Thank you!
Hopefully PAN will get this fixed in an updated version.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages,
I have upgraded to Ubuntu 22.04 .1 LTS and have GlobalProtect 5.1.6-6.
I followed @fru1z instructions and fixed the issue. Thanks!
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
@dragu-stelian, you do not have the same issue. Looking at your logs, it
seems your client cannot reach your server over the network. This is not
related to openssl. If it were, the issue would manifest no matter from
where you're attempting to connect.
--
You received this bug notification
Hi everyone!
Same issue on Ubuntu Server 22.04, unfortunately the suggestion from Fernando
Ruiz (fru1z) doesn't work.
When I am trying to connect from local network everything is ok, I am connected
on VPN, but when I am trying from another network doesn't work.
See attachment.
** Attachment
Hello there !
Same issue for me on Ubuntu 22.04, the suggestion from Fernando Ruiz
(fru1z) fixed my problem too.
Edited /usr/lib/ssl/openssl.cnf and just added :
[system_default_sect]
Options = UnsafeLegacyRenegotiation
--
You received this bug notification because you are a member of Ubuntu
Had the same issue, the suggestion from Fernando Ruiz (fru1z) fixed my
problem as well:
Edited /usr/lib/ssl/openssl.cnf
And just added to the system_default_sect section
Options = UnsafeLegacyRenegotiation
I am using Linux Mint 21 (vanessa)
--
You received this bug notification because you are
[Expired for openssl (Ubuntu) because there has been no activity for 60
days.]
** Changed in: openssl (Ubuntu)
Status: Incomplete => Expired
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
the update on https://launchpad.net/ubuntu/+source/wpa/2:2.10-6ubuntu1
which allows legacy renegociation by default might fix some of the
issues reported on this bug
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in
Same issue:
PanGPLinux-5.3.2-c3 broke after upgrade to Ubuntu 22.04
above solution from Fernando worked for me.
thanks @fru1z and @kelly-schoenhofen
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
I use this version: PanGPLinux-5.3.2-c3
To make it work for me in this version, I modified the configuration
file: /usr/lib/ssl/openssl.cnf
and comment the following section:
-
# [openssl_init]
# providers = provider_sect
I upgraded 21.10 to 22.04 and openssl 3 "broke" globalprotect 6.0.0.44.
I was able to follow suoko's solution as-is until step #5, it would never
return a value, I couldn't successfully finish authenticating. I installed
gpclient and had the same issue (authentication error), ultimately I went
The solution given by @suoko works fine. Thank you so much!
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1960268
Title:
SSL handshake failed - VPN SSL
The gpclient GUI works too.
OPENSSL_CONF=~/ssl.conf gpclient
Enter a valid gateway URL instead of the portal URL
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1960268
Actually, it *is* an issue with the VPN provider. The OpenSSL developers
have made a deliberate decision not to enable unsecure renegotiation
anymore, see this commit for more details:
https://github.com/openssl/openssl/commit/72d2670bd21becfa6a64bb03fa55ad82d6d0c0f3
Note that this change is
I'm seeing the same issue since upgrading to 22.04. Running it trough
the command line as indicated above works fine, so it's probably not an
issue with the VPN provider.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to
I find this solution:
0) sudo apt install python3-gi gir1.2-gtk-3.0 gir1.2-webkit2-4.0 &&
pip3 install https://github.com/dlenski/gp-saml-gui/archive/master.zip
1) Create ~/ssl.conf
openssl_conf = openssl_init
[openssl_init]
ssl_conf = ssl_sect
[ssl_sect]
system_default =
@suoko please contact your VPN provider, as their client might not be
compatible with OpenSSL 3.0. There isn't much we can do on our end.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
@tallagrand, the certificate looks correct. I think your issue might be
with the smartcard support, so either in opensc or openvpn.
Either way, could you open a new issue? This is not the same problem as
OP.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded
sorry for the delay
openssl x509 -in olps.crt -text | grep -i algorithm
Signature Algorithm: sha256WithRSAEncryption
Public Key Algorithm: rsaEncryption
Signature Algorithm: sha256WithRSAEncryption
--
You received this bug notification because you are a member of Ubuntu
Hi!
Could you run the follwoing command on your server certificate?
openssl x509 -in $SERVER_CRT -text | grep -i algorithm
With the new OpenSSL version, older certificates with SHA1 digests are
now invalid by default.
--
You received this bug notification because you are a member of Ubuntu
we use gnome not kde
ii gnome-desktop3-data42.0-1ubuntu1
all Common files for GNOME desktop apps
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
uname -a
Linux yd-vmc54aadcd 5.15.0-25-generic #25-Ubuntu SMP Wed Mar 30 15:54:22 UTC
2022 x86_64 x86_64 x86_64 GNU/Linux
dpkg -l | grep safenet
ii safenetauthenticationclient-core 10.7.77-1ubuntu1
amd64SAC PKCS#11 middleware
--
You received
we have quite the same problem in 22.04
we use openvpn client with PKI
Apr 13 16:51:56 openvpn[12898]: PKCS#11: pkcs11_terminate - entered
Apr 13 16:51:56 openvpn[12898]: PKCS#11: pkcs11h_terminate entry
Apr 13 16:51:56 openvpn[12898]: PKCS#11: Terminating openssl
Apr 13 16:51:56 openvpn[12898]:
Now with latest update to x86_64-linux-gnu/libQt5Network.so.5.15.3
there's no hack available anymore
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1960268
Title:
SSL
Global Protect VPN is a VPN client (like openvpn) which connects your desktop
to a VPN.
After you're connected you can acccess some remote PCs via rdp, and I used to
use remmina to do that
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is
I'm sorry, I still don't understand. Is Global Protect VPN a piece of
software that runs on your Ubuntu install? Do you use Remmina on top of
that, or is it a potential replacement? Which application is the one
emitting the handshake error?
** Changed in: openssl (Ubuntu)
Status: New =>
Clarify???
I claerly mention global protect VPN, it's a closed software from Palo alto,
and it doesn't work.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1960268
Title:
Could you clarify what exactly you are trying to achieve? You mention
both a VPN and the RDP protocol. Knowing exactly which software you're
using could help us track down some more logs to know more about the
failure. Without more information there isn't much we can do.
--
You received this bug
@simon
unfortunately the but is still there
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1960268
Title:
SSL handshake failed - VPN SSL broken in 22.04
Status in
@suoko: could you retry with the current version from jammy (22.04)? The
Qt packages have been updated a couple of weeks ago with better OpenSSL
3 support, which hopefully fixes your issue?
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is
Remmina appimage works correctly, so a workaround is available
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1960268
Title:
SSL handshake failed - VPN SSL broken in
The solution here https://bugs.launchpad.net/ubuntu/+source/qtbase-
opensource-src/+bug/1952977 solves the problem
https://bugs.launchpad.net/ubuntu/+source/qtbase-opensource-
src/+bug/1952977/+attachment/5544787/+files/libqt5network5_5.15.2+dfsg-13_amd64.deb
apport information
** Tags added: jammy
** Description changed:
I'm trying to connect with global protect VPN but fails at login with:
SSL handshake failed
Failed to load URL https://...
QtNetwork Error 6
Another VPN client does work but the rdp connection to a remote server
apport information
** Package changed: qtwebkit-opensource-src (Ubuntu) => openssl (Ubuntu)
** Tags added: apport-collected impish wayland-session
** Description changed:
I'm trying to connect with global protect VPN but fails at login with:
SSL handshake failed
Failed to load URL
** Package changed: ubuntu => qtwebkit-opensource-src (Ubuntu)
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to qtwebkit-opensource-src in
Ubuntu.
https://bugs.launchpad.net/bugs/1960268
Title:
SSL handshake failed - VPN
40 matches
Mail list logo