On Mon, Apr 11, 2022 at 6:00 PM Dan Lenski <[email protected]> wrote:
>
> My feeling is that curl should set the SSL option when -k is used.
> openconnect itself sets this option already, it was fixed in commit
> c8dcf10
>
> If you replace the cURL invocation in the CSD/Trojan script with…
>
> ```
> OPENSSL_CONF=/dev/null curl <usual options>
> ```
>
> … does this make it work? (For some hints about how/why it should work,
>

No, it didn't change, I tested with:

# OPENSSL_CONF=/dev/null curl -k -v https://x.x.x.x/
* ALPN, offering h2
* ALPN, offering http/1.1
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (OUT), TLS header, Unknown (21):
* TLSv1.2 (OUT), TLS alert, handshake failure (552):
* error:0A000152:SSL routines::unsafe legacy renegotiation disabled
* Closing connection 0
curl: (35) error:0A000152:SSL routines::unsafe legacy renegotiation disabled

Inside ubuntu:22.04 as a docker container just to test curl.

Thanks,
Jason

--
https://bugs.launchpad.net/bugs/1968467

Title:
  CSD scripts do not work on jammy
